Semen Alexandrovich Lyhin

11 exploits, active since Apr 2019
CVE-2019-13292 NOMISEC CRITICAL WORKING POC
webERP - SQL Injection
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
2 stars
CVSS 9.8
CVE-2019-13292 NOMISEC CRITICAL WORKING POC
webERP - SQL Injection
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
2 stars
CVSS 9.8
CVE-2019-13292 NOMISEC CRITICAL WORKING POC
webERP - SQL Injection
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
2 stars
CVSS 9.8
EIP-2026-119516 EXPLOITDB python WORKING POC
Arm Whois 3.11 - Buffer Overflow (SEH)
EIP-2026-119517 EXPLOITDB python WORKING POC
Arm Whois 3.11 - Buffer Overflow (SEH)
EIP-2026-118175 EXPLOITDB python WORKING POC
XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode)
CVE-2019-13292 EXPLOITDB CRITICAL python WORKING POC
webERP - SQL Injection
A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks.
CVSS 9.8
CVE-2019-16894 EXPLOITDB CRITICAL text WORKING POC
inoERP <4.15 - SQL Injection
download.php in inoERP 4.15 allows SQL injection through insecure deserialization.
CVSS 9.8
EIP-2026-104226 EXPLOITDB text WORKING POC
DotNetNuke 9.3.2 - Cross-Site Scripting
CVE-2019-5485 EXPLOITDB CRITICAL text WORKING POC
Gitlabhook - OS Command Injection
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.
CVSS 10.0
CVE-2019-11017 EXPLOITDB MEDIUM text WRITEUP
D-Link DI-524 Firmware - XSS
On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.
CVSS 4.8