Ricardo Ruiz

6 exploits, active since Jun 2021
CVE-2021-31159 NOMISEC MEDIUM WORKING POC
Zoho ManageEngine ServiceDesk Plus MSP <10519 - Info Disclosure
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
3 stars
CVSS 5.3
CVE-2021-40845 NOMISEC HIGH WORKING POC
Zenitel AlphaCom XE Audio Server <11.2.3.10 - Code Injection
The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.
2 stars
CVSS 8.8
CVE-2021-47888 EXPLOITDB HIGH python WORKING POC
Textpattern <4.8.3 - Authenticated RCE
Textpattern versions prior to 4.8.3 contain an authenticated remote code execution vulnerability that allows logged-in users to upload malicious PHP files. Attackers can upload a PHP file with a shell command execution payload and execute arbitrary commands by accessing the uploaded file through a specific URL parameter.
CVSS 8.8
EIP-2026-110141 EXPLOITDB python WORKING POC
Online Marriage Registration System (OMRS) 1.0 - Remote code execution (3)
EIP-2026-105120 EXPLOITDB python WORKING POC
AlphaWeb XE - File Upload Remote Code Execution (RCE) (Authenticated)
CVE-2021-31159 EXPLOITDB MEDIUM python WORKING POC
Zoho ManageEngine ServiceDesk Plus MSP <10519 - Info Disclosure
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
CVSS 5.3