Stephen Fewer

20 exploits Active since Apr 2012
CVE-2025-22457 NOMISEC CRITICAL WORKING POC
Ivanti Connect Secure Unauthenticated Remote Code Execution via Stack-based Buffer Overflow
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
71 stars
CVSS 9.0
CVE-2025-0282 NOMISEC CRITICAL WORKING POC
Ivanti Connect Secure <22.7R2.5 - RCE
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
49 stars
CVSS 9.0
CVE-2024-51977 NOMISEC MEDIUM WORKING POC
Multiple Brother devices authentication bypass via default administrator password generation
An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631) can leak several pieces of sensitive information from a vulnerable device. The URI path /etc/mnt_info.csv can be accessed via a GET request and no authentication is required. The returned result is a comma-separated values (CSV) table of information. The leaked information includes the device’s model, firmware version, IP address, and serial number.
29 stars
CVSS 5.3
CVE-2025-22457 NOMISEC CRITICAL WORKING POC
Ivanti Connect Secure Unauthenticated Remote Code Execution via Stack-based Buffer Overflow
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
1 star
CVSS 9.0
CVE-2024-51978 WRITEUP CRITICAL WORKING POC
Unknown Device - Info Disclosure
An unauthenticated attacker who knows the target device's serial number can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request.
CVSS 9.8
CVE-2024-51979 WRITEUP HIGH WORKING POC
Brother ADS and DCP Series - Stack-based Buffer Overflow via Malformed Referer Header
An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631). The malformed request will contain an empty Origin header value and a malformed Referer header value. The Referer header value will trigger a stack based buffer overflow when the host value in the Referer header is processed and is greater than 64 bytes in length.
CVSS 7.2
CVE-2024-51980 WRITEUP MEDIUM WORKING POC
WS-Addressing ReplyTo - SSRF
An unauthenticated attacker may perform a limited server-side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service (HTTP TCP port 80) SOAP request. The attacker cannot control the data sent in the SSRF connection, nor can the attacker receive any data back. This SSRF is suitable for TCP port scanning of an internal network when the Web service (HTTP TCP port 80) is exposed across a network segment.
CVSS 5.3
CVE-2024-51981 WRITEUP MEDIUM WORKING POC
WS-Addressing - SSRF
An unauthenticated attacker may perform a blind server-side request forgery (SSRF), due to a CRLF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Eventing subscription SOAP operation. The attacker can control all the HTTP data sent in the SSRF connection, but the attacker cannot receive any data back from this connection.
CVSS 5.3
CVE-2024-51982 WRITEUP HIGH WORKING POC
Brother Printer Devices - Denial of Service via Malformed PJL Command
An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. The crash occurs when the PJL variable FORMLINES is set to a non-numeric value.
CVSS 7.5
CVE-2024-51983 WRITEUP HIGH WORKING POC
Web Services < unknown - DoS
An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device.
CVSS 7.5
CVE-2024-51984 WRITEUP MEDIUM WORKING POC
Brother ADS Series - Credential Disclosure via External Service Reconfiguration
An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled device using the existing credentials for that external service. In the case of an external LDAP or FTP service, this will disclose the plaintext password for that external service to the attacker.
CVSS 6.8
CVE-2024-52544 WRITEUP CRITICAL WORKING POC
DP Service <2.800.0000000.8.R.20241111 - Buffer Overflow
An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
CVSS 9.8
CVE-2024-52545 WRITEUP MEDIUM WORKING POC
IQ Service <2.800.0000000.8.R.20241111 - Info Disclosure
An unauthenticated attacker can perform an out of bounds heap read in the IQ Service (TCP port 9876). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
CVSS 6.5
CVE-2024-52546 WRITEUP MEDIUM WORKING POC
DHIP Service <2.800.0000000.8.R.20241111 - Use After Free
An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 37810). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
CVSS 5.3
CVE-2024-52547 WRITEUP HIGH WORKING POC
DHIP Service <2.800.0000000.8.R.20241111 - Buffer Overflow
An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
CVSS 7.2
CVE-2024-52548 WRITEUP MEDIUM WORKING POC
Firmware <2.800.0000000.8.R.20241111 - Privilege Escalation
An attacker who can execute arbitrary operating system commands can bypass code signing enforcement in the kernel and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
CVSS 6.7
CVE-2012-2215 METASPLOIT ruby WORKING POC
Novell Zenworks Configuration Management - Path Traversal
Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request.
CVE-2025-0282 METASPLOIT CRITICAL ruby WORKING POC
Ivanti Connect Secure <22.7R2.5 - RCE
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
CVSS 9.0
EIP-2026-118974 EXPLOITDB ruby WORKING POC
Novell ZENworks Configuration Management Preboot Service 0x06 - Remote Buffer Overflow (Metasploit)
EIP-2026-118975 EXPLOITDB ruby WORKING POC
Novell ZENworks Configuration Management Preboot Service 0x21 - Remote Buffer Overflow (Metasploit)