Yehia Elghaly

13 exploits Active since Nov 2021
CVE-2023-53886 EXPLOITDB HIGH python WORKING POC
Xlight FTP Server 3.9.3.6 - Buffer Overflow
Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition.
CVSS 7.5
CVE-2023-53880 EXPLOITDB MEDIUM text WORKING POC
Lucee 5.4.2.17 - Authenticated Reflected Cross-Site Scripting via Admin Interface Parameters
Lucee 5.4.2.17 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through administrative interface parameters. Attackers can craft specific payloads targeting admin pages like server.cfm and web.cfm to execute arbitrary JavaScript in victim's browser sessions.
CVE-2021-47765 EXPLOITDB MEDIUM python WORKING POC
AbsoluteTelnet 11.24 - Denial of Service via Username or Email Field Overflow
AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. Attackers can trigger the crash by inserting 1000 characters into the username or email address fields, causing the application to become unresponsive.
CVSS 5.5
CVE-2021-47764 EXPLOITDB MEDIUM python WORKING POC
AbsoluteTelnet 11.24 - Denial of Service via DialUp Connection and License Name Fields
AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating DialUp connection and license name fields. Attackers can generate a 1000-character payload and paste it into specific input fields to trigger application crashes and force unexpected termination.
CVSS 5.5
CVE-2021-46368 EXPLOITDB HIGH text WRITEUP
TRIGONE Remote System Monitor <3.61 - Privilege Escalation
TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path service allowing local users to launch processes with elevated privileges.
CVSS 7.8
CVE-2021-45334 EXPLOITDB CRITICAL text WORKING POC
Sourcecodester Online Thesis Archiving System 1.0 - SQL Injection
Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to admin panel using SQL Injection
CVSS 9.8
CVE-2021-44428 EXPLOITDB HIGH python WORKING POC
Pinkie 2.15 - Denial of Service via TFTP Read Request
Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1.
CVSS 7.5
EIP-2026-119051 EXPLOITDB python WORKING POC
Prime95 Version 30.7 build 9 - Remote Code Execution (RCE)
EIP-2026-118168 EXPLOITDB text WRITEUP
WorkTime 10.20 Build 4967 - Unquoted Service Path
EIP-2026-116864 EXPLOITDB python WORKING POC
AVS Audio Converter 10.3 - Stack Overflow (SEH)
EIP-2026-116602 EXPLOITDB python WORKING POC
Xlight FTP 3.9.3.1 - Buffer Overflow (PoC)
EIP-2026-115849 EXPLOITDB python WORKING POC
Modbus Slave 7.3.1 - Buffer Overflow (DoS)
EIP-2026-101148 EXPLOITDB python WORKING POC
Accu-Time Systems MAXIMUS 1.0 - Telnet Remote Buffer Overflow (DoS)