Noman Riffat

6 exploits, active since Jan 2018
CVE-2017-17097 EXPLOITDB CRITICAL text WRITEUP
GPS Tracking Software 2.x - Info Disclosure
gps-server.net GPS Tracking Software (self hosted) 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable (date-based) password to the admin, which makes it easier for remote attackers to obtain access by predicting this new password. This is related to the use of gmdate for password creation in fn_connect.php.
CVSS 9.8
EIP-2026-114162 EXPLOITDB text WORKING POC
WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
CVE-2019-18951 EXPLOITDB HIGH text WORKING POC
SibSoft Xfilesharing <2.5.1 - Path Traversal
SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files.
CVSS 7.5
CVE-2017-17098 EXPLOITDB CRITICAL text WRITEUP
GPS Tracking Software <3.0 - Code Injection
The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request.
CVSS 9.8
CVE-2019-16399 EXPLOITDB CRITICAL text WORKING POC
Western Digital WD My Book World - Auth Bypass
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and log in with the default root password welc0me.
CVSS 9.8
CVE-2018-9248 EXPLOITDB CRITICAL text WRITEUP
FiberHome VDSL2 Modem HG 150-UB Firmware - Authentication Bypass
FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via a "Cookie: Name=0admin" header.
CVSS 9.8