Patrik Lantz

7 exploits Active since Jan 2013
CVE-2020-13848 WRITEUP HIGH WRITEUP
libupnp < 1.12.1 - Denial of Service via Crafted SSDP Message
Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
CVSS 7.5
CVE-2021-33353 EXPLOITDB CRITICAL text WORKING POC
Wyomind Help Desk Magento 2 <1.3.7 - Path Traversal
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting.
CVSS 9.8
CVE-2021-33352 EXPLOITDB CRITICAL text WORKING POC
Wyomind Help Desk Magento 2 <1.3.7 - RCE
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.
CVSS 9.8
CVE-2021-33351 EXPLOITDB CRITICAL text WORKING POC
Wyomind Help Desk Magento 2 <1.3.7 - XSS
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field.
CVSS 9.0
CVE-2012-5958 EXPLOITDB python WORKING POC
libupnp < 1.6.18 - Remote Code Execution via SSDP Unique Service Name Parsing
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.
CVE-2017-13772 EXPLOITDB HIGH python WORKING POC
TP-Link WR940N Hardware v4 - Authenticated Remote Code Execution via PingIframeRpm.htm or WanStaticIpV6CfgRpm.htm
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.
CVSS 8.8
CVE-2019-19731 EXPLOITDB HIGH text WORKING POC
Roxy Fileman 1.4.5 - Path Traversal
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder (because an incomplete blacklist of file extensions allows Windows shortcut files to be uploaded).
CVSS 7.5