Shayan S

7 exploits Active since Oct 2014
CVE-2014-5091 EXPLOITDB CRITICAL text WRITEUP
status2k 2.5 - Remote Code Execution via Multies Parameter
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
CVSS 9.8
CVE-2014-5081 EXPLOITDB CRITICAL text WORKING POC
sphider < 1.3.6, sphider-pro < 3.2, sphider-plus < 3.2 - Authentication Bypass
sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass
CVSS 9.8
CVE-2014-3206 EXPLOITDB CRITICAL text WORKING POC
Seagate BlackArmor NAS - Remote Code Execution via Session or Auth Name Parameter
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
CVSS 9.8
CVE-2014-3205 EXPLOITDB CRITICAL text WORKING POC
Seagate BlackArmor NAS 220 and 110 Firmware - Use of Hard-coded Credentials
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.
CVSS 9.8
CVE-2014-5094 EXPLOITDB text WRITEUP
status2k - Unauthenticated Sensitive Information Exposure via phpinfo Action
Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.
CVE-2014-5087 EXPLOITDB CRITICAL text WORKING POC
Sphider < 1.3.6 - Remote Code Execution via admin/spiderfuncs.php
A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.
CVSS 9.8
CVE-2016-6272 EXPLOITDB HIGH text WORKING POC
Epic MyChart - XPath Injection via Help Topic Parameter
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate.
CVSS 7.5