Pedro Ribeiro

203 exploits Active since Jan 2014
CVE-2020-28347 WRITEUP CRITICAL WRITEUP
Tp-link Ac1750 Firmware < 201029 - OS Command Injection
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled.
CVSS 9.8
CVE-2021-36224 WRITEUP CRITICAL WRITEUP
Western Digital My Cloud <OS5 - Info Disclosure
Western Digital My Cloud devices before OS5 have a nobody account with a blank password.
CVSS 9.8
CVE-2021-36225 WRITEUP HIGH WRITEUP
Western Digital My Cloud <OS5 - Privilege Escalation
Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation.
CVSS 8.8
CVE-2021-36226 WRITEUP CRITICAL WRITEUP
Western Digital My Cloud <OS5 - Info Disclosure
Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files.
CVSS 9.8
CVE-2021-46829 WRITEUP HIGH WRITEUP
GDK-PixBuf <2.42.8 - Buffer Overflow
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.
CVSS 7.8
CVE-2022-23227 WRITEUP CRITICAL WRITEUP
Nuuo Nvrmini2 Firmware < 3.11.0 - Missing Authentication
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root.
CVSS 9.8
CVE-2024-57822 WRITEUP MEDIUM WRITEUP
Librdf Raptor Rdf Syntax Library < 2.0.16 - Out-of-Bounds Read
In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptor_ntriples_parse_term_internal().
CVSS 4.0
CVE-2024-57823 WRITEUP CRITICAL WRITEUP
Librdf Raptor Rdf Syntax Library < 2.0.16 - Integer Underflow
In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().
CVSS 9.3
CVE-2018-1418 EXPLOITDB HIGH ruby WORKING POC
IBM Security QRadar SIEM <7.4 - Auth Bypass
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM X-Force ID: 138824.
CVSS 8.8
CVE-2018-5999 EXPLOITDB CRITICAL ruby WORKING POC
AsusWRT <3.0.0.4.384_10007 - Info Disclosure
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
CVSS 9.8
CVE-2018-5999 EXPLOITDB CRITICAL text WRITEUP
AsusWRT <3.0.0.4.384_10007 - Info Disclosure
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
CVSS 9.8
CVE-2016-5679 EXPLOITDB HIGH text WORKING POC
NUUO NVRmini <3.0.0 - Command Injection
cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command.
CVSS 8.8
CVE-2016-5677 EXPLOITDB HIGH text WORKING POC
NUUO NVRmini <3.0.0 - Info Disclosure
NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 have a hardcoded qwe23622260 password for the nuuoeng account, which allows remote attackers to obtain sensitive information via an __nvr_status___.php request.
CVSS 7.5
CVE-2016-5676 EXPLOITDB HIGH text WORKING POC
NUUO NVRmini <2 - RCE
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action.
CVSS 7.5
CVE-2016-5675 EXPLOITDB CRITICAL text WORKING POC
NUUO <3.2.0 - RCE
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
CVSS 9.8
CVE-2016-5674 EXPLOITDB CRITICAL text WORKING POC
NUUO NVRmini <3.0.0 - RCE
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
CVSS 9.8
CVE-2016-1524 EXPLOITDB CRITICAL text WORKING POC
NETGEAR Management System NMS300 <1.5.0.11 - RCE
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.
CVSS 9.6
CVE-2015-6589 EXPLOITDB HIGH text WORKING POC
Kaseya Virtual System Administrator < 7.0.0.33 - Path Traversal
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8.0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx.
CVSS 8.8
CVE-2014-8498 EXPLOITDB text WRITEUP
Zohocorp Manageengine Password Manager Pro < 7.1 - SQL Injection
SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter.
CVE-2016-6602 EXPLOITDB CRITICAL text WRITEUP
ZOHO WebNMS Framework 5.2-5.2 SP1 - Info Disclosure
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit.
CVSS 9.8
CVE-2016-6601 EXPLOITDB HIGH text WRITEUP
ZOHO WebNMS Framework <5.2-5.2 SP1 - Path Traversal
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.
CVSS 7.5
CVE-2016-6600 EXPLOITDB CRITICAL text WRITEUP
ZOHO WebNMS Framework <5.2-5.2 SP1 - Path Traversal
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.
CVSS 9.8
CVE-2016-1595 EXPLOITDB MEDIUM text WRITEUP
Micro Focus Novell Service Desk <7.2 - SQL Injection
LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter.
CVSS 6.5
CVE-2016-1594 EXPLOITDB MEDIUM text WRITEUP
Micro Focus Novell Service Desk <7.2 - Info Disclosure
Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action.
CVSS 6.5