SPARC

3 exploits Active since Sep 2017
CVE-2015-5243 WRITEUP CRITICAL WRITEUP
phpWhois - RCE
phpWhois allows remote attackers to execute arbitrary code via a crafted whois record.
CVSS 9.8
CVE-2018-17408 EXPLOITDB HIGH python WORKING POC
Zahir Accounting Enterprise Plus <6 - RCE
Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu.
CVSS 7.8
CVE-2017-14738 EXPLOITDB CRITICAL python WORKING POC
FileRun <2017.09.18 - SQL Injection
FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).
CVSS 9.8