Robin Verton

8 exploits Active since Nov 2005
CVE-2017-14143 METASPLOIT CRITICAL ruby WORKING POC
Kaltura Server < mercury-13.1.0 - Remote Code Execution via Hardcoded Cookie Secret
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.
CVSS 9.8
EIP-2026-110803 EXPLOITDB text WORKING POC
PHP-Fusion 4.0/5.0/6.0 - 'options.php?/ viewforum.php' SQL Injection
EIP-2026-109745 EXPLOITDB php WRITEUP
MyBloggie 2.1.6 - HTML Injection / SQL Injection
CVE-2017-14143 EXPLOITDB CRITICAL python WORKING POC
Kaltura Server < mercury-13.1.0 - Remote Code Execution via Hardcoded Cookie Secret
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.
CVSS 9.8
CVE-2005-3571 EXPLOITDB text WRITEUP
CodeGrrl PHPCalendar/PHPClique/PHPCurrently/PHPFanBase/PHPQuotes Remote File Inclusion
PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to include arbitrary local files via the siteurl parameter when register_globals is enabled. NOTE: It was later reported that PHPFanBase 2.2 is also affected.
CVE-2005-3797 EXPLOITDB text WORKING POC
AlstraSoft Template Seller Pro 3.25 - RCE
PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter.
CVE-2017-14143 EXPLOITDB CRITICAL ruby WORKING POC
Kaltura Server < mercury-13.1.0 - Remote Code Execution via Hardcoded Cookie Secret
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.
CVSS 9.8
CVE-2016-5195 EXPLOITDB HIGH c WORKING POC
Linux Kernel 2.x-4.x < 4.8.3 - Local Privilege Escalation via Dirty COW Race Condition
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
CVSS 7.0