Valerio Brussani

3 exploits Active since Oct 2018
CVE-2019-6588 EXPLOITDB MEDIUM text WORKING POC
Liferay Portal < 7.1 CE GA4 - Cross-Site Scripting via SimpleCaptcha URL Parameter
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.
CVSS 4.7
CVE-2018-13042 EXPLOITDB MEDIUM text WORKING POC
1Password 6.8 for Android - Denial of Service via OpenYolo Activity Export
The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance.
CVSS 5.9
CVE-2019-11932 EXPLOITDB HIGH c++ WORKING POC
WhatsApp < 2.19.244 - Remote Code Execution via GIF Image Parsing
A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image.
CVSS 8.8