Raffaele Sabato

8 exploits Active since Jan 2018
CVE-2018-5725 EXPLOITDB HIGH text WRITEUP
MASTER IPCAMERA01 <3.3.4.2103 - Info Disclosure
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server.
CVSS 7.5
CVE-2018-5724 EXPLOITDB CRITICAL text WRITEUP
MASTER IPCAMERA01 <3.3.4.2103 - Info Disclosure
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.
CVSS 9.8
CVE-2018-5723 EXPLOITDB CRITICAL text WRITEUP
MASTER IPCAMERA01 <3.3.4.2103 - Info Disclosure
MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account.
CVSS 9.8
CVE-2020-35151 EXPLOITDB HIGH text WORKING POC
Online Marriage Registration System 1.0 - SQL Injection
The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection.
CVSS 8.8
CVE-2018-6023 EXPLOITDB HIGH html WORKING POC
Fastweb FASTgate 0.00.47 - Cross-Site Request Forgery
Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc.
CVSS 8.8
CVE-2018-5720 EXPLOITDB HIGH html WORKING POC
DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extender RTN2-AW.GD.R3465.1.20161103 - Cross-Site Request Forgery
An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices. A Cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that modify all the settings. This vulnerability can lead to changing an existing user's username and password, changing the Wi-Fi password, etc.
CVSS 8.8
CVE-2018-5726 EXPLOITDB CRITICAL text WRITEUP
MASTER IPCAMERA01 <3.3.4.2103 - Info Disclosure
MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain sensitive information via a crafted HTTP request, as demonstrated by the username, password, and configuration settings.
CVSS 9.8
CVE-2019-8387 EXPLOITDB CRITICAL python WORKING POC
MASTER IPCAMERA01 <3.3.4.2103 - RCE
MASTER IPCAMERA01 3.3.4.2103 devices allow Remote Command Execution, related to the thttpd component.
CVSS 9.8