Yakir Wizman

84 exploits. Active since Jul 2007.
CVE-2016-15055 EXPLOITDB HIGH text WORKING POC
JVC VN-T - Path Traversal
JVC VN-T IP-camera models running firmware versions up to 2016-08-22 (confirmed on the VN-T216VPRU model) contain a directory traversal vulnerability in the checkcgi endpoint, which accepts a user-controlled file parameter. An unauthenticated remote attacker can leverage this vulnerability to read arbitrary files on the device.
CVE-2012-10044 EXPLOITDB CRITICAL ruby WORKING POC
MobileCartly 1.0 - File Creation
MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking file_put_contents() on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP GET requests to savepage.php, specifying both the filename and content. This permits arbitrary file creation within the pages/ directory or any writable path on the server, allowing remote code execution.
CVE-2012-10044 EXPLOITDB CRITICAL text WORKING POC
MobileCartly 1.0 - File Creation
MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking file_put_contents() on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP GET requests to savepage.php, specifying both the filename and content. This permits arbitrary file creation within the pages/ directory or any writable path on the server, allowing remote code execution.
CVE-2012-10044 METASPLOIT CRITICAL ruby WORKING POC
MobileCartly 1.0 - File Creation
MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking file_put_contents() on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP GET requests to savepage.php, specifying both the filename and content. This permits arbitrary file creation within the pages/ directory or any writable path on the server, allowing remote code execution.
EIP-2026-119631 EXPLOITDB python WORKING POC
Dropbox Desktop Client 9.4.49 (x64) - Local Credentials Disclosure
EIP-2026-119639 EXPLOITDB python WORKING POC
LogMeIn Client 1.3.2462 (x64) - Local Credentials Disclosure
EIP-2026-119647 EXPLOITDB python WORKING POC
PrivateTunnel Client 2.7.0 (x64) - Local Credentials Disclosure
EIP-2026-119289 EXPLOITDB text WORKING POC
WinTFTP Server Pro 3.1 - Directory Traversal
EIP-2026-119645 EXPLOITDB python WORKING POC
Navicat Premium 11.2.11 (x64) - Local Database Password Disclosure
EIP-2026-119644 EXPLOITDB python WORKING POC
MySQL 5.5.45 (x64) - Local Credentials Disclosure
EIP-2026-119069 EXPLOITDB perl WORKING POC
QuickPHP Web Server - Arbitrary '.php' File Download
EIP-2026-119149 EXPLOITDB text WORKING POC
SmallFTPd 1.0.3 - Directory Traversal
EIP-2026-119067 EXPLOITDB text WORKING POC
Quick Tftp Server Pro 2.1 - Directory Traversal
EIP-2026-118638 EXPLOITDB php WORKING POC
Home FTP Server 1.11.1.149 - 'RETR'/'DELE'/'RMD' Directory Traversal
EIP-2026-118285 EXPLOITDB text WORKING POC
AT-TFTP Server 1.8 - Directory Traversal
EIP-2026-118335 EXPLOITDB php WORKING POC
Buffy 1.3 - Directory Traversal
EIP-2026-117769 EXPLOITDB php WORKING POC
PHP 6.0 Dev - 'str_transliterate()' Local Buffer Overflow
EIP-2026-117766 EXPLOITDB php WORKING POC
PHP 5.0.0 - 'tidy_parse_file()' Local Buffer Overflow
EIP-2026-116802 EXPLOITDB python WORKING POC
Apple iCloud Desktop Client 5.2.1.0 - Local Credentials Disclosure
EIP-2026-116060 EXPLOITDB text WORKING POC
PHP 6.0 - 'openssl_verify()' Local Buffer Overflow (PoC)
EIP-2026-115012 EXPLOITDB php WORKING POC
bsnes 0.87 - Local Denial of Service
EIP-2026-115162 EXPLOITDB php WORKING POC
Dolphin 2.0 - '.elf' Local Denial of Service
EIP-2026-115171 EXPLOITDB php WORKING POC
Dualis 20.4 - '.bin' Local Denial of Service
EIP-2026-113953 EXPLOITDB text WORKING POC
WordPress Plugin Photoracer 1.0 - Multiple Vulnerabilities
EIP-2026-113133 EXPLOITDB php WORKING POC
Vivid Ads Shopping Cart - 'prodid' SQL Injection