Paolo Serracino

5 exploits Active since Nov 2018
CVE-2018-19518 METASPLOIT HIGH ruby WORKING POC
University of Washington IMAP Toolkit 2007f - Command Injection
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
CVSS 7.5
CVE-2025-34034 EXPLOITDB HIGH python WORKING POC
Blue Angel Software Suite - Info Disclosure
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.
CVSS 8.8
CVE-2025-34033 EXPLOITDB HIGH python WORKING POC
Blue Angel Software Suite - Command Injection
An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the ping_addr parameter in the webctrl.cgi script. The application fails to properly sanitize input before passing it to the system-level ping command. An authenticated attacker can inject arbitrary commands by appending shell metacharacters to the ping_addr parameter in a crafted GET request to /cgi-bin/webctrl.cgi?action=pingtest_update. The command's output is reflected in the application's web interface, enabling attackers to view results directly. Default and backdoor credentials can be used to access the interface and exploit the issue. Successful exploitation results in arbitrary command execution as the root user. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-26 UTC.
CVSS 8.8
CVE-2018-1000859 METASPLOIT ruby WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-19518. Reason: This candidate is a reservation duplicate of CVE-2018-19518. Notes: All CVE users should reference CVE-2018-19518 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
EIP-2026-107616 EXPLOITDB python WORKING POC
Horde Imp - 'imap_open' Remote Command Execution