Yorick Koster

40 exploits Active since Jul 2009
CVE-2016-5330 EXPLOITDB HIGH ruby WORKING POC
VMware Workstation Player 12.1.0-12.1.1 - Untrusted Search Path via HGFS Shared Folders
Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
CVSS 7.8
CVE-2017-8464 EXPLOITDB HIGH ruby WORKING POC
Windows Shell - Remote Code Execution via Crafted .LNK File
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."
CVSS 8.8
CVE-2016-3235 EXPLOITDB HIGH ruby WORKING POC
Microsoft Visio <2016 - Privilege Escalation
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
CVSS 7.8
CVE-2012-0013 EXPLOITDB ruby WORKING POC
MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
CVE-2012-0163 EXPLOITDB text WORKING POC
Microsoft .NET Framework Remote Code Execution via Improper Function Parameter Validation
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
EIP-2026-113561 EXPLOITDB text WORKING POC
WordPress Plugin ALO EasyMail NewsLetter 2.9.2 - Cross-Site Request Forgery (Add/Import Arbitrary Subscribers)
EIP-2026-113790 EXPLOITDB html WORKING POC
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery
CVE-2016-6897 EXPLOITDB MEDIUM text WORKING POC
WordPress < 4.5.5 - Cross-Site Request Forgery via Late check_ajax_referer Call
Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.
CVSS 6.5
EIP-2026-104749 EXPLOITDB ruby WORKING POC
pfSense 2.4.1 - Cross-Site Request Forgery Error Page Clickjacking (Metasploit)
CVE-2015-6306 EXPLOITDB c WORKING POC
Cisco AnyConnect Secure Mobility Client 4.1(8) - Privilege Escalation via Crafted Installation File
Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947.
CVE-2009-1894 EXPLOITDB text WORKING POC
PulseAudio <0.9.14 - Privilege Escalation
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.
EIP-2026-101974 EXPLOITDB text WRITEUP
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
CVE-2018-5347 EXPLOITDB CRITICAL WORKING POC
Seagate Media Server - Command Injection
Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.
CVSS 9.8
CVE-2014-0514 EXPLOITDB text WORKING POC
Adobe Reader Mobile < 11.2 - Remote Code Execution via JavaScript in PDF
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.
CVE-2014-0514 EXPLOITDB ruby WORKING POC
Adobe Reader Mobile < 11.2 - Remote Code Execution via JavaScript in PDF
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.