Yann CAM

9 exploits Active since Feb 2009
CVE-2025-34116 EXPLOITDB HIGH text WORKING POC
IPFire <2.19 - Authenticated RCE
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.
CVE-2009-0545 METASPLOIT ruby WORKING POC
ZeroShell <1.0beta11 - Command Injection
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
CVE-2025-34116 METASPLOIT HIGH ruby WORKING POC
IPFire <2.19 - Authenticated RCE
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.
EIP-2026-110562 EXPLOITDB text WORKING POC
pfSense 2.3.2 - Cross-Site Scripting / Cross-Site Request Forgery
EIP-2026-110558 EXPLOITDB text WORKING POC
pfSense 2.0.1 - Cross-Site Scripting / Cross-Site Request Forgery / Remote Command Execution
EIP-2026-110563 EXPLOITDB text WORKING POC
pfSense 2.3.2 - Cross-Site Scripting / Cross-Site Request Forgery
EIP-2026-103344 EXPLOITDB text WORKING POC
ZeroShell 'cgi-bin/kerbynet' - Local File Disclosure
EIP-2026-100718 EXPLOITDB ruby WORKING POC
IPFire - 'proxy.cgi' Remote Code Execution (Metasploit)
EIP-2026-100969 EXPLOITDB text WORKING POC
m0n0wall 1.33 - Multiple Cross-Site Request Forgery Vulnerabilities