Rafay Baloch

10 exploits Active since Sep 2014
CVE-2014-6041 METASPLOIT ruby WORKING POC
Android Browser RCE Through Google Play Store XFO
The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser.
CVE-2014-6041 METASPLOIT ruby WORKING POC
Android Browser RCE Through Google Play Store XFO
The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser.
CVE-2014-6041 METASPLOIT ruby WORKING POC
Android Browser RCE Through Google Play Store XFO
The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser.
EIP-2026-114543 EXPLOITDB text WORKING POC
Your Own Classifieds - Cross-Site Scripting
EIP-2026-113406 EXPLOITDB text WORKING POC
WHM - 'filtername' Cross-Site Scripting
EIP-2026-109420 EXPLOITDB text WORKING POC
MentalJS - Sandbox Security Bypass
EIP-2026-107184 EXPLOITDB text WORKING POC
Fork CMS - 'js.php' Local File Inclusion
EIP-2026-106205 EXPLOITDB text WRITEUP
cPanel - 'dir' Cross-Site Scripting
EIP-2026-106203 EXPLOITDB text WORKING POC
cPanel - 'account' Cross-Site Scripting
EIP-2026-102865 EXPLOITDB text WORKING POC
Google Chrome 109.0.5414.74 - Code Execution via missing lib file (Ubuntu)