Pietro Oliva

6 exploits Active since Apr 2018
CVE-2020-12110 METASPLOIT CRITICAL ruby WORKING POC
TP-Link NC200/NC210/NC220/NC230/NC250/NC260/NC450 Firmware - Use of Hard-coded Encryption Key
Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.
CVSS 9.8
CVE-2020-28371 WRITEUP CRITICAL WRITEUP
ReadyTalk Avian 1.2.0 - Integer Overflow in FileOutputStream.write()
An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. The FileOutputStream.write() method in FileOutputStream.java has a boundary check to prevent out-of-bounds memory read/write operations. However, an integer overflow leads to bypassing this check and achieving the out-of-bounds access. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVSS 9.8
CVE-2020-12109 METASPLOIT HIGH ruby WORKING POC
TP-Link NC200/NC210/NC220/NC230/NC250/NC260/NC450 Firmware - OS Command Injection via Bonjour Service
Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304.
CVSS 8.8
CVE-2014-1889 EXPLOITDB MEDIUM text WRITEUP
Buddypress <1.9.2 - Privilege Escalation
The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
CVSS 6.5
EIP-2026-103581 EXPLOITDB perl WORKING POC
mplayer 4.4.1 - Null Pointer Dereference (PoC)
EIP-2026-102609 EXPLOITDB text WORKING POC
Gnome Panel 2.28.0 - Denial of Service (PoC)