Prasenjit Kanti Paul

31 exploits Active since Feb 2018
CVE-2022-34530 WRITEUP MEDIUM WRITEUP
Backdrop CMS < 1.22.0 - Username Enumeration via Password Reset Request
An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames.
CVSS 5.3
CVE-2022-35118 WRITEUP MEDIUM WRITEUP
PyroCMS < 3.9 - Cross-Site Scripting
PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.
CVSS 6.1
CVE-2018-9128 EXPLOITDB HIGH text WORKING POC
DVD X Player Standard 5.5.3.9 - Buffer Overflow via Crafted PLF File
DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf file, a related issue to CVE-2007-3068.
CVSS 7.8
CVE-2018-7886 EXPLOITDB HIGH python WORKING POC
CloudMe Sync 1.11.0 - Unauthenticated Buffer Overflow via Local Port 8888
An issue was discovered in CloudMe 1.11.0. An unauthenticated local attacker that can connect to the "CloudMe Sync" client application listening on 127.0.0.1 port 8888 can send a malicious payload causing a buffer overflow condition. This will result in code execution, as demonstrated by a TCP reverse shell, or a crash. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-6892.
CVSS 7.8
CVE-2019-6146 EXPLOITDB MEDIUM text WRITEUP
Forcepoint Web Security 8.0.0-8.5.3 - Cross-Site Scripting via Host Header Injection
It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS 6.1
CVE-2018-6936 EXPLOITDB MEDIUM text WORKING POC
D-Link DIR-600M C1 3.01 - Stored Cross-Site Scripting via SSID or User Account Name
Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via the SSID or the name of a user account.
CVSS 5.4