Simon Brannstrom

5 exploits Active since Sep 2017
CVE-2018-25379 EXPLOITDB HIGH text WORKING POC
Collectric CMU 1.0 SQL Injection via lang Parameter
Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive information from the database using time-based blind techniques.
CVSS 8.2
CVE-2017-12929 EXPLOITDB HIGH WRITEUP
TecnoVISION DLX Spot Player4 >1.5.10 - Authenticated Arbitrary File Upload via resource.php
Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.
CVSS 8.8
CVE-2017-12929 EXPLOITDB HIGH text WORKING POC
TecnoVISION DLX Spot Player4 >1.5.10 - Authenticated Arbitrary File Upload via resource.php
Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.
CVSS 8.8
CVE-2017-12930 EXPLOITDB CRITICAL text WRITEUP
TecnoVISION DLX Spot Player4 >1.5.10 - Unauthenticated SQL Injection via Admin Interface
SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.
CVSS 9.8
CVE-2017-12930 EXPLOITDB CRITICAL text WRITEUP
TecnoVISION DLX Spot Player4 >1.5.10 - Unauthenticated SQL Injection via Admin Interface
SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.
CVSS 9.8