Xiphos Research Ltd

5 exploits, active since Feb 2015
CVE-2016-8870 EXPLOITDB HIGH text WORKING POC
Joomla! <3.6.4 - RCE
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
CVSS 8.1
CVE-2016-8869 EXPLOITDB CRITICAL text WORKING POC
Joomla! <3.6.4 - Privilege Escalation
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
CVSS 9.8
CVE-2015-1427 EXPLOITDB CRITICAL python WORKING POC
Elasticsearch <1.3.8, <1.4.3 - Command Injection
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
CVSS 9.8
EIP-2026-102862 EXPLOITDB bash WORKING POC
GNU Screen 4.5.0 - Local Privilege Escalation
EIP-2026-101832 EXPLOITDB text WORKING POC
LifeSize Room 5.0.9 - Multiple Vulnerabilities