X-C3LL

13 exploits Active since Jul 2017
CVE-2024-22107 GITHUB HIGH python WORKING POC
GTB Central Console 15.17.1-30814.NG - Command Injection
An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform.
11 stars
CVSS 7.2
CVE-2017-11318 GITHUB HIGH python WORKING POC
Cobian Backup 11 - Remote Code Execution via Pre-Backup Event Command Injection
Cobian Backup 11 client allows man-in-the-middle attackers to add and execute new backup tasks when the master server is spoofed. In addition, the attacker can execute system commands remotely by abusing pre-backup events.
11 stars
CVSS 8.1
CVE-2017-14339 GITHUB HIGH python WORKING POC
YADIFA < 2.2.6 - Denial of Service via DNS Packet Parser Infinite Loop
The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive.
11 stars
CVSS 7.5
CVE-2017-8893 GITHUB HIGH python WORKING POC
AeroAdmin 4.1 - Denial of Service via Buffer Overflow
AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service.
11 stars
CVSS 7.5
CVE-2018-10024 GITHUB CRITICAL python WORKING POC
ubiQuoss Switch VP5208A - Info Disclosure
ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with the user credentials in cleartext when a failed login attempt occurs. The file can be reached via an HTTP request. The credentials can be used to access the system via SSH (or TELNET if it is enabled).
11 stars
CVSS 9.8
CVE-2018-15503 GITHUB HIGH python WORKING POC
Swoole 4.0.4 - Denial of Service via Unpack Deserialization Size Check Bypass
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.
11 stars
CVSS 7.5
CVE-2018-7081 GITHUB CRITICAL python WORKING POC
ArubaOS < 6.4.4.21 - Remote Code Execution via PAPI Protocol
A remote code execution vulnerability is present in network-listening components in some versions of ArubaOS. An attacker with the ability to transmit specially-crafted IP traffic to a mobility controller could exploit this vulnerability and cause a process crash or to execute arbitrary code within the underlying operating system with full system privileges. Such an attack could lead to complete system compromise. The ability to transmit traffic to an IP interface on the mobility controller is required to carry out an attack. The attack leverages the PAPI protocol (UDP port 8211). If the mobility controller is only bridging L2 traffic to an uplink and does not have an IP address that is accessible to the attacker, it cannot be attacked.
11 stars
CVSS 9.8
CVE-2019-12386 GITHUB MEDIUM python WORKING POC
Ampache < 3.9.1 - Stored Cross-Site Scripting via LocalPlay Add Instance
An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker.
11 stars
CVSS 5.4
CVE-2019-12725 GITHUB CRITICAL python WORKING POC
ZeroShell 3.9.0 - Unauthenticated Remote Command Execution via HTTP Parameter Injection
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
11 stars
CVSS 9.8
CVE-2019-14459 GITHUB HIGH python WORKING POC
nfdump < 1.6.17 - Denial of Service via Integer Overflow in Process_ipfix_template_withdraw
nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).
11 stars
CVSS 7.5
CVE-2020-26574 GITHUB CRITICAL python WORKING POC
Leostream Connection Broker 8.2.x - XSS
Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
11 stars
CVSS 9.6
CVE-2020-26878 GITHUB HIGH python WORKING POC
Ruckus <1.5.1.0.21 - Command Injection
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
11 stars
CVSS 8.8
CVE-2022-26952 GITHUB HIGH python WORKING POC
Digi Passport Firmware <1.5.1 - Buffer Overflow
Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page.
11 stars
CVSS 7.5