Rajwinder Singh

2 exploits. Active since Oct 2017.
CVE-2017-17721 EXPLOITDB CRITICAL text WRITEUP
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 - SQL Injection via Multiple Parameters
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.
CVSS 9.8
CVE-2017-15580 EXPLOITDB CRITICAL text WORKING POC
osTicket 1.10.1 - Unrestricted Upload of File with Dangerous Type via tickets.php
osTicket 1.10.1 provides functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, for example when a tickets.php request is modified so that a .html extension is changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files with malicious content to the web application.
CVSS 9.8