Pedro Ribeiro

213 exploits Active since Jan 2014
CVE-2018-1418 METASPLOIT HIGH ruby WORKING POC
IBM Security QRadar SIEM <7.4 - Auth Bypass
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication which could lead to code execution. IBM X-Force ID: 138824.
CVSS 8.8
CVE-2018-15379 METASPLOIT CRITICAL ruby WORKING POC
Cisco Prime Infrastructure - Path Traversal
A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication.
CVSS 9.8
CVE-2018-15439 METASPLOIT CRITICAL ruby WORKING POC
Cisco Small Business Switches - Unauthenticated Bypass via Hard-coded Credentials
A vulnerability in the Cisco Small Business Switches software could allow an unauthenticated, remote attacker to bypass the user authentication mechanism of an affected device. The vulnerability exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system. An attacker could exploit this vulnerability by using this account to log in to an affected device and execute commands with full admin rights. Cisco has not released software updates that address this vulnerability. This advisory will be updated with fixed software information once fixed software becomes available. There is a workaround to address this vulnerability.
CVSS 9.8
CVE-2019-1935 METASPLOIT CRITICAL ruby WORKING POC
Cisco IMC Supervisor, UCS Director, and UCS Director Express for Big Data - Use of Hard-coded Credentials
A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.
CVSS 9.8
CVE-2020-4429 METASPLOIT CRITICAL ruby WORKING POC
IBM Data Risk Manager 2.0.1-2.0.6 - Use of Hard-coded Credentials
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.
CVSS 9.8
CVE-2015-2863 EXPLOITDB text WRITEUP
Kaseya Virtual System Administrator 7.x < 7.0.0.29, 8.x < 8.0.0.18, 9.0 < 9.0.0.14, 9.1 < 9.1.0.4 - Open Redirect
Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2016-6599 EXPLOITDB CRITICAL text WRITEUP
BMC Track-It! 11.4 - Info Disclosure
BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting configuration service (ConfigurationService) on port 9010. This service contains a method that can be used to retrieve a configuration file that contains the application database name, username and password as well as the domain administrator username and password. These are encrypted with a fixed key and IV ("NumaraIT") using the DES algorithm. The domain administrator username and password can only be obtained if the Self-Service component is enabled, which is the most common scenario in enterprise deployments.
CVSS 9.8
CVE-2014-4872 EXPLOITDB text WRITEUP
BMC Track-It! 11.3.0.355 - Unauthenticated Remote Code Execution via .NET Remoting
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
CVE-2016-1525 EXPLOITDB HIGH ruby WORKING POC
NETGEAR Management System NMS300 <1.5.0.11 - Path Traversal
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
CVSS 8.6
CVE-2018-18982 EXPLOITDB HIGH ruby WORKING POC
NUUO CMS < 3.3 - SQL Injection
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.
CVSS 8.8
CVE-2014-4872 EXPLOITDB ruby WORKING POC
BMC Track-It! 11.3.0.355 - Unauthenticated Remote Code Execution via .NET Remoting
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
CVE-2014-5005 EXPLOITDB ruby WORKING POC
ManageEngine Desktop Central < 9.0 - Remote Code Execution via File Upload Path Traversal
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
CVE-2015-6922 EXPLOITDB CRITICAL ruby WORKING POC
Kaseya VSA <7.0.0.33, <8.0.0.23, <9.0.0.19, <9.1.0.9 - Unauthenticated RCE via File Write
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx.
CVSS 9.8
CVE-2013-6040 EXPLOITDB HIGH html WORKING POC
MW6 Aztec, DataMatrix, MaxiCode <4.0 - RCE
MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Latest versions (4.0) of MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue
CVSS 8.1
CVE-2013-6040 EXPLOITDB HIGH html WORKING POC
MW6 Aztec, DataMatrix, MaxiCode <4.0 - RCE
MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Latest versions (4.0) of MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue
CVSS 8.1
CVE-2013-6040 EXPLOITDB HIGH html WORKING POC
MW6 Aztec, DataMatrix, MaxiCode <4.0 - RCE
MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Latest versions (4.0) of MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue
CVSS 8.1
EIP-2026-114934 EXPLOITDB text WORKING POC
ASF Demux for VideoLAN VLC Media Player 2.0.x - Denial of Service (PoC)
CVE-2019-1935 EXPLOITDB CRITICAL ruby WORKING POC
Cisco IMC Supervisor, UCS Director, and UCS Director Express for Big Data - Use of Hard-coded Credentials
A vulnerability in Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to log in to the CLI of an affected system by using the SCP User account (scpuser), which has default user credentials. The vulnerability is due to the presence of a documented default account with an undocumented default password and incorrect permission settings for that account. Changing the default password for this account is not enforced during the installation of the product. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the scpuser account. This includes full read and write access to the system's database.
CVSS 9.8
CVE-2018-1612 EXPLOITDB MEDIUM ruby WORKING POC
IBM QRadar SIEM 7.2-7.3 - Unauthenticated Exposure of Sensitive Information
IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. IBM X-Force ID: 144164.
CVSS 5.8
CVE-2014-1836 EXPLOITDB text WORKING POC
ImpressCMS < 1.3.6 - Path Traversal and Arbitrary File Deletion via Image Path Parameter
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
CVE-2014-1603 EXPLOITDB text WORKING POC
GetSimple CMS 3.3.1 - Cross-Site Scripting via admin/load.php or admin/settings.php
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3) email, or (4) name parameter in a Save Settings action to admin/settings.php.
CVE-2014-0334 EXPLOITDB text WRITEUP
CMS Made Simple - Authenticated Stored Cross-Site Scripting via Multiple Admin Parameters
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092.
CVE-2014-5377 EXPLOITDB text WORKING POC
ManageEngine DeviceExpert < 5.9 - Unauthenticated Exposure of Sensitive Information via ReadUsersFromMasterServlet
ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request.
CVE-2015-2994 EXPLOITDB ruby WORKING POC
SysAid < 15.1 - Unauthenticated Arbitrary File Upload and Remote Code Execution via ChangePhoto.jsp
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.
CVE-2014-8499 EXPLOITDB text WRITEUP
ManageEngine Password Manager Pro < 7.1 - Authenticated SQL Injection via SEARCH_ALL Parameter
Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc.