Rafael Pedrero

49 exploits, active since Apr 2018
CVE-2018-18775 EXPLOITDB MEDIUM text WORKING POC
Microstrategy Web - XSS
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product.
CVSS 6.1
CVE-2018-19861 EXPLOITDB CRITICAL text WORKING POC
MiniShare <1.4.1 - RCE
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP HEAD request. NOTE: this product is discontinued.
CVSS 9.8
CVE-2018-19862 EXPLOITDB CRITICAL text WORKING POC
MiniShare <1.4.1 - RCE
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP POST request. NOTE: this product is discontinued.
CVSS 9.8
EIP-2026-117853 EXPLOITDB text WORKING POC
Resource Hacker v3.6.0.92 - Buffer overflow
EIP-2026-117205 EXPLOITDB text WORKING POC
Frhed (Free hex editor) v1.6.0 - Buffer overflow
EIP-2026-116329 EXPLOITDB python WORKING POC
SQLScan 1.0 - Denial of Service (PoC)
EIP-2026-116348 EXPLOITDB text WORKING POC
SuperMailer v11.20 - Buffer overflow DoS
EIP-2026-116330 EXPLOITDB python WORKING POC
SQLScan 1.0 - Denial of Service (PoC)
EIP-2026-116223 EXPLOITDB text WORKING POC
Scdbg 1.0 - Buffer overflow DoS
EIP-2026-115910 EXPLOITDB python WORKING POC
Necrosoft DIG 0.4 - Buffer Overflow (PoC) (SEH Overwrite)
EIP-2026-115911 EXPLOITDB python WORKING POC
Necrosoft DIG 0.4 - Buffer Overflow (PoC) (SEH Overwrite)
EIP-2026-115389 EXPLOITDB text WORKING POC
Hex Workshop v6.7 - Buffer overflow DoS
EIP-2026-115259 EXPLOITDB python WORKING POC
FlexHEX 2.46 - Buffer Overflow (PoC) (SEH Overwrite)
EIP-2026-115260 EXPLOITDB python WORKING POC
FlexHEX 2.46 - Buffer Overflow (PoC) (SEH Overwrite)
EIP-2026-114871 EXPLOITDB python WORKING POC
Advanced File Manager 3.4.1 - Denial of Service (PoC)
EIP-2026-114384 EXPLOITDB text WORKING POC
WPN-XM Serverstack for Windows 0.8.6 - Multiple Vulnerabilities
CVE-2019-8924 EXPLOITDB MEDIUM html WORKING POC
Apachefriends Xampp < 5.6.8 - XSS
XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.
CVSS 6.1
CVE-2019-9083 EXPLOITDB CRITICAL text WORKING POC
Sqlitemanager - SQL Injection
SQLiteManager 1.20 and 1.24 allows SQL injection via the /sqlitemanager/main.php dbsel parameter. NOTE: This product is discontinued.
CVSS 9.8
EIP-2026-110182 EXPLOITDB text WORKING POC
Online shopping system advanced 1.0 - Multiple Vulnerabilities
EIP-2026-108099 EXPLOITDB text WORKING POC
Job Portal 1.0 - File Upload Restriction Bypass
CVE-2018-18619 EXPLOITDB CRITICAL text WORKING POC
Advanced Comment System - SQL Injection
internal/advanced_comment_system/admin.php in Advanced Comment System 1.0 is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query, allowing remote attackers to perform SQL injection via a URL in the "page" parameter. NOTE: The product is discontinued.
CVSS 9.8
CVE-2019-8929 EXPLOITDB MEDIUM html WRITEUP
Zohocorp Manageengine Netflow Analyzer - XSS
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.
CVSS 6.1
CVE-2018-18777 EXPLOITDB MEDIUM text WORKING POC
Microstrategy Web - Path Traversal
Directory traversal vulnerability in Microstrategy Web, version 7, in "/WebMstr7/servlet/mstrWeb" (in the parameter subpage) allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.
CVSS 4.3
EIP-2026-102477 EXPLOITDB text WORKING POC
Desktop Central 9.1.0 - Multiple Vulnerabilities