Paulos Yibelo

6 exploits Active since May 2015
CVE-2017-15578 EXPLOITDB HIGH WRITEUP
PHP Melody < 2.7.3 - SQL Injection via Image Parameter
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
CVSS 8.8
CVE-2017-11657 EXPLOITDB HIGH WRITEUP
Dashlane - Untrusted Search Path Privilege Escalation via WINHTTP.dll
Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory.
CVSS 7.3
CVE-2018-6460 EXPLOITDB HIGH WORKING POC
Hotspot Shield - Unauthenticated Sensitive Information Exposure via JSONP Callback Parameter
Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and what is their real IP address.
CVSS 7.5
CVE-2017-15579 EXPLOITDB CRITICAL WRITEUP
php_melody < 2.7.3 - SQL Injection via aa_pages_per_page Cookie
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
CVSS 9.8
CVE-2015-1265 EXPLOITDB python WORKING POC
Google Chrome <43.0.2357.65 - DoS
Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
EIP-2026-102138 EXPLOITDB text WORKING POC
ZTE ZXDSL 831CII - Insecure Direct Object Reference