Samrat Das

8 exploits Active since Jan 2018
CVE-2018-12529 EXPLOITDB HIGH text WORKING POC
Intex N150 Firmware - Cross-Site Request Forgery
An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings.
CVSS 8.8
CVE-2018-12529 EXPLOITDB HIGH text WRITEUP
Intex N150 Firmware - Cross-Site Request Forgery
An issue was discovered on Intex N150 devices. The router firmware suffers from multiple CSRF injection point vulnerabilities including changing user passwords and router settings.
CVSS 8.8
CVE-2018-12528 EXPLOITDB HIGH text WORKING POC
Intex N150 Firmware - Unrestricted Upload of Dangerous File Type via Backup/Restore Function
An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router firmware settings or even the uploading of malicious files. In order to exploit the vulnerability, an attacker can upload any malicious file and force reboot the router with it.
CVSS 8.1
CVE-2017-14521 EXPLOITDB HIGH text WORKING POC
WonderCMS 2.3.1 - Unrestricted Upload of File with Dangerous Type
In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload.
CVSS 8.8
CVE-2017-14523 EXPLOITDB HIGH text WRITEUP
WonderCMS 2.3.1 - HTTP Host Header Injection
WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self attack
CVSS 7.5
CVE-2018-7198 EXPLOITDB MEDIUM text WRITEUP
October CMS < 1.0.431 - Stored Cross-Site Scripting via Add Posts Page
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.
CVSS 6.1
CVE-2018-8908 EXPLOITDB HIGH html WORKING POC
Frog CMS 0.9.5 - Cross-Site Request Forgery in User Addition
An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests.
CVSS 8.8
CVE-2018-7176 EXPLOITDB HIGH html WORKING POC
FrontAccounting 2.4.3 - Cross-Site Request Forgery via User Permissions Page
FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a user account via admin/users.php (aka the "add user" feature of the User Permissions page).
CVSS 8.8