Xavi Beltran

7 exploits Active since Sep 2018
CVE-2020-10963 NOMISEC HIGH WORKING POC
FrozenNode Laravel-Administrator <5.0.12 - RCE
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued.
CVSS 7.2
CVE-2019-25741 EXPLOITDB CRITICAL python WORKING POC
Mobatek MobaXterm 12.1 Buffer Overflow via Sessions File
Mobatek MobaXterm 12.1 contains a structured exception handling (SEH) based buffer overflow vulnerability in the username field of session files that allows remote attackers to execute arbitrary code. Attackers can craft a malicious MobaXterm sessions file with overflow data that triggers the vulnerability when imported and executed, enabling reverse shell execution with user privileges.
CVSS 9.8
CVE-2025-7771 EXPLOITDB HIGH text WORKING POC
ThrottleStop.sys - Privilege Escalation
ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.
EIP-2026-117018 EXPLOITDB python WORKING POC
DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)
CVE-2018-12897 EXPLOITDB HIGH python WORKING POC
SolarWinds DameWare Mini Remote Control < 12.1 - Buffer Overflow
SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow.
CVSS 7.8
EIP-2026-117017 EXPLOITDB python WORKING POC
DameWare Remote Support 12.1.0.34 - Buffer Overflow (SEH)
CVE-2020-10963 EXPLOITDB HIGH python WORKING POC
FrozenNode Laravel-Administrator <5.0.12 - RCE
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued.
CVSS 7.2