Redouane NIBOUCHA

10 exploits, active since Jun 2017
CVE-2020-17505 METASPLOIT HIGH ruby WORKING POC
Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
CVSS 8.8
CVE-2019-7192 METASPLOIT CRITICAL ruby WORKING POC
QNAP Photo Station - Info Disclosure
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.
CVSS 9.8
CVE-2019-7195 METASPLOIT CRITICAL ruby WORKING POC
QNAP Photo Station - Path Traversal
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
CVSS 9.8
CVE-2019-13373 METASPLOIT CRITICAL ruby WORKING POC
Dlink Central Wifimanager - SQL Injection
An issue was discovered in the D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6. Input does not get validated and arbitrary SQL statements can be executed in the database via the /web/Public/Conn.php parameter dbSQL.
CVSS 9.8
CVE-2023-5350 METASPLOIT CRITICAL ruby WORKING POC
Salesagility Suitecrm < 7.14.1 - SQL Injection
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVSS 9.1
CVE-2019-7194 METASPLOIT CRITICAL ruby WORKING POC
QNAP Photo Station - Path Traversal
This external control of file name or path vulnerability allows remote attackers to access or modify system files. To fix the vulnerability, QNAP recommend updating Photo Station to their latest versions.
CVSS 9.8
CVE-2017-8835 METASPLOIT CRITICAL ruby WORKING POC
Peplink B305hw2 Firmware - SQL Injection
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.
CVSS 9.8
CVE-2019-13372 METASPLOIT CRITICAL ruby WORKING POC
Dlink Central Wifimanager < 1.03 - Code Injection
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
CVSS 9.8
CVE-2020-17506 METASPLOIT CRITICAL ruby WORKING POC
Artica Web Proxy 4.30.00000000 - SQL Injection
Artica Web Proxy 4.30.00000000 allows a remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
CVSS 9.8
CVE-2022-34918 METASPLOIT HIGH ruby WORKING POC
Netfilter nft_set_elem_init Heap Overflow Privilege Escalation
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
CVSS 7.8