Z3R0 (0x30) - Security Researcher - Exploit Intelligence Platform

CVE-2014-6287 NOMISEC CRITICAL WORKING POC

Rejetto HTTP File Server <2.3c - RCE

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.

CVSS 9.8

View Code

CVE-2015-3306 NOMISEC WORKING POC

ProFTPD 1.3.5 - Unauthenticated Arbitrary File Read and Write via mod_copy Site Commands

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.

View Code

CVE-2021-40964 NOMISEC MEDIUM WORKING POC

TinyFileManager <=2.4.6 - Path Traversal

A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.

CVSS 6.5

View Code

CVE-2021-40964 NOMISEC MEDIUM WORKING POC

TinyFileManager <=2.4.6 - Path Traversal

A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the "fullpath" parameter containing path traversal strings (../ and ..\) in order to escape the server's intended working directory and write malicious files onto any directory on the computer.

CVSS 6.5

View Code

CVE-2014-6287 NOMISEC CRITICAL WORKING POC

Rejetto HTTP File Server <2.3c - RCE

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.

CVSS 9.8

View Code

CVE-2015-3306 NOMISEC WORKING POC

ProFTPD 1.3.5 - Unauthenticated Arbitrary File Read and Write via mod_copy Site Commands

The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.

View Code