Rik Lutz

3 exploits Active since Feb 2022
CVE-2022-50925 EXPLOITDB CRITICAL html WORKING POC
Prowise Reflect <1.0.9 - Code Injection
Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text by sending specific WebSocket messages.
CVSS 9.8
CVE-2021-44665 EXPLOITDB MEDIUM python WORKING POC
Xerte < 3.10.3 - Path Traversal
A Directory Traversal vulnerability exists in the Xerte Project Xerte through 3.10.3 when downloading a project file via download.php.
CVSS 6.5
CVE-2021-44664 EXPLOITDB HIGH python WORKING POC
Xerte < 3.9 - Path Traversal
An Authenticated Remote Code Execution (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php by uploading a maliciously crafted PHP file through the project interface disguised as a language file to bypass the upload filters. Attackers can manipulate the file's destination by abusing path traversal in the 'mediapath' variable.
CVSS 8.8