Shayan S

7 exploits Active since Oct 2014
CVE-2014-5091 EXPLOITDB CRITICAL text WRITEUP
Status2k - Improper Input Validation
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
CVSS 9.8
CVE-2014-5081 EXPLOITDB CRITICAL text WORKING POC
Sphider < 1.3.6 - Authentication Bypass
sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass
CVSS 9.8
CVE-2014-3206 EXPLOITDB CRITICAL text WORKING POC
Seagate Blackarmor Nas 220 Firmware - Improper Input Validation
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
CVSS 9.8
CVE-2014-3205 EXPLOITDB CRITICAL text WORKING POC
Seagate Blackarmor Nas 220 Firmware - Hard-coded Credentials
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.
CVSS 9.8
CVE-2014-5094 EXPLOITDB text WRITEUP
Status2k - Information Disclosure
Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.
CVE-2014-5087 EXPLOITDB CRITICAL text WORKING POC
Sphider < 1.3.6 - Improper Input Validation
A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.
CVSS 9.8
CVE-2016-6272 EXPLOITDB HIGH text WORKING POC
Epic MyChart - XPath Injection
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate.
CVSS 7.5