Paolo Stagno aka VoidSec

5 exploits Active since Nov 2020
CVE-2020-28054 NOMISEC HIGH WORKING POC
JamoDat TSMManager Collector <6.5.0.21 - Auth Bypass
JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.
7 stars
CVSS 7.5
CVE-2020-28198 WRITEUP HIGH WORKING POC
IBM Tivoli Storage Manager 5.2 - Stack Buffer Overflow via 'id' Parameter in Interactive Mode
The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS 7.0
CVE-2021-41285 WRITEUP HIGH WORKING POC
Ballistix MOD Utility <2.0.2.5 - Privilege Escalation
Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call (mapping physical memory into a virtual address space). Attackers could exploit this issue to achieve local privilege escalation to NT AUTHORITY\SYSTEM.
CVSS 7.8
CVE-2021-21551 EXPLOITDB HIGH WORKING POC
Dell DBUtil < 2.3 - Authenticated Insufficient Access Control in IOCTL Handler
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
CVSS 8.8
EIP-2026-117300 EXPLOITDB python WORKING POC
IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - id' Field Stack Based Buffer Overflow