Semen Alexandrovich Lyhin

10 exploits Active since Apr 2019
CVE-2019-13292 NOMISEC CRITICAL WORKING POC
webERP 4.15 - SQL Injection via Payments.php Base64 Deserialization
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
2 stars
CVSS 9.8
CVE-2019-13292 NOMISEC CRITICAL WORKING POC
webERP 4.15 - SQL Injection via Payments.php Base64 Deserialization
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
2 stars
CVSS 9.8
CVE-2019-13292 NOMISEC CRITICAL WORKING POC
webERP 4.15 - SQL Injection via Payments.php Base64 Deserialization
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
2 stars
CVSS 9.8
CVE-2018-25427 EXPLOITDB CRITICAL python WORKING POC
Arm Whois 3.11 - Stack-based Buffer Overflow via Oversized IP/Domain Input
Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception handler and gain command execution when the application processes the input.
CVSS 9.8
EIP-2026-118175 EXPLOITDB python WORKING POC
XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode)
CVE-2019-13292 EXPLOITDB CRITICAL python WORKING POC
webERP 4.15 - SQL Injection via Payments.php Base64 Deserialization
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
CVSS 9.8
CVE-2019-16894 EXPLOITDB CRITICAL text WORKING POC
inoERP 4.15 - SQL Injection via Insecure Deserialization in download.php
download.php in inoERP 4.15 allows SQL injection through insecure deserialization.
CVSS 9.8
EIP-2026-104226 EXPLOITDB text WORKING POC
DotNetNuke 9.3.2 - Cross-Site Scripting
CVE-2019-5485 EXPLOITDB CRITICAL text WORKING POC
gitlabhook 0.0.17 - OS Command Injection via Repository Name
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.
CVSS 10.0
CVE-2019-11017 EXPLOITDB MEDIUM text WRITEUP
D-Link DI-524 2.06RU - Stored and Reflected Cross-Site Scripting via Web Configuration
On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.
CVSS 4.8