Shayan Sadigh

17 exploits Active since Aug 2014
CVE-2014-5088 EXPLOITDB WRITEUP
Status2k - XSS
Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php.
CVE-2014-5089 EXPLOITDB WRITEUP
Status2k - SQL Injection
SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.
CVE-2014-5090 EXPLOITDB WRITEUP
Status2k - Code Injection
admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.
CVE-2014-5092 EXPLOITDB HIGH WRITEUP
Status2k - Improper Input Validation
Status2k allows Remote Command Execution in admin/options/editpl.php.
CVSS 8.8
CVE-2014-5093 EXPLOITDB CRITICAL WRITEUP
Status2k - Insufficiently Protected Credentials
Status2k does not remove the install directory allowing credential reset.
CVSS 9.8
CVE-2014-5082 EXPLOITDB WRITEUP
Sphider < 1.3.6 - SQL Injection
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.
CVE-2014-5083 EXPLOITDB HIGH WRITEUP
Sphider < 1.3.6 - Injection
A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 pertains to instances of fwrite in Sphider.
CVSS 8.8
CVE-2014-5084 EXPLOITDB HIGH WRITEUP
Sphiderpro Sphider Pro - Injection
A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instances of fwrite in Sphider Pro only, but do not exist in either Sphider or Sphider Plus.
CVSS 8.8
CVE-2014-5085 EXPLOITDB HIGH WRITEUP
Sphider-plus - Injection
A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 pertains to instances of fwrite in Sphider Plus, but do not exist in either Sphider or Sphider Pro.
CVSS 8.8
CVE-2014-5086 EXPLOITDB HIGH WORKING POC
Sphider < 1.3.6 - Injection
A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5086 pertains to instances of fwrite in Sphider Pro and Sphider Plus only, but don’t exist in Sphider.
CVSS 8.8
CVE-2014-5091 EXPLOITDB CRITICAL text WRITEUP
Status2k - Improper Input Validation
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
CVSS 9.8
CVE-2014-5081 EXPLOITDB CRITICAL text WORKING POC
Sphider < 1.3.6 - Authentication Bypass
sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass
CVSS 9.8
CVE-2014-3206 EXPLOITDB CRITICAL text WORKING POC
Seagate Blackarmor Nas 220 Firmware - Improper Input Validation
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.
CVSS 9.8
CVE-2014-3205 EXPLOITDB CRITICAL text WORKING POC
Seagate Blackarmor Nas 220 Firmware - Hard-coded Credentials
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.
CVSS 9.8
CVE-2014-5087 EXPLOITDB CRITICAL text WORKING POC
Sphider < 1.3.6 - Improper Input Validation
A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.
CVSS 9.8
CVE-2014-5094 EXPLOITDB text WRITEUP
Status2k - Information Disclosure
Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.
CVE-2016-6272 EXPLOITDB HIGH text WORKING POC
Epic MyChart - XPath Injection
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate.
CVSS 7.5