farisv

15 exploits Active since Sep 2018
CVE-2018-16509 NOMISEC HIGH WORKING POC
Artifex Ghostscript <9.24 - Privilege Escalation
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
58 stars
CVSS 7.8
CVE-2018-19126 NOMISEC CRITICAL WORKING POC
PrestaShop 1.6.0.1-1.6.1.22 - Unauthenticated Arbitrary File Upload and Remote Code Execution
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.
40 stars
CVSS 9.8
CVE-2018-4407 NOMISEC HIGH WORKING POC
iPhone OS < 12.0 - Memory Corruption via ICMP Error Handling
A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.
25 stars
CVSS 8.8
CVE-2019-3810 NOMISEC MEDIUM WORKING POC
moodle 3.1.0-3.1.15 3.6.0-3.6.1 - Cross-Site Scripting in User Profile Image Hover Text
A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.
17 stars
CVSS 6.1
CVE-2018-20795 EXPLOITDB HIGH text WORKING POC
tecrail Responsive FileManager 9.13.4 - Path Traversal via Path Parameter
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.
CVSS 7.5
CVE-2018-20794 EXPLOITDB HIGH text WORKING POC
tecrail Responsive FileManager 9.13.4 - Path Traversal and Arbitrary File Write via Image Save Action
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php.
CVSS 7.5
CVE-2018-20793 EXPLOITDB HIGH text WORKING POC
tecrail Responsive FileManager 9.13.4 - Path Traversal and Arbitrary File Write via paths[0] Bypass
tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php.
CVSS 7.5
CVE-2018-20792 EXPLOITDB HIGH text WORKING POC
tecrail Responsive FileManager 9.13.4 - Path Traversal via Path Parameter in get_file Action
tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php.
CVSS 7.5
CVE-2018-20791 EXPLOITDB MEDIUM text WORKING POC
tecrail Responsive FileManager 9.13.4 - Cross-Site Scripting via Media File Upload
tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action.
CVSS 6.1
CVE-2018-20790 EXPLOITDB HIGH text WORKING POC
tecrail Responsive FileManager 9.13.4 - Path Traversal and Arbitrary File Deletion via paths[0] Parameter
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php.
CVSS 7.5
CVE-2018-20789 EXPLOITDB HIGH text WORKING POC
tecrail Responsive FileManager 9.13.4 - Path Traversal & Directory Deletion via execute.php
tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.
CVSS 7.5
CVE-2018-19125 EXPLOITDB HIGH php WORKING POC
PrestaShop <1.6.1.23, <1.7.4.4 - Path Traversal
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory.
CVSS 7.5
CVE-2018-19126 EXPLOITDB CRITICAL php WORKING POC
PrestaShop 1.6.0.1-1.6.1.22 - Unauthenticated Arbitrary File Upload and Remote Code Execution
PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.
CVSS 9.8
CVE-2018-1000888 EXPLOITDB HIGH text WORKING POC
PEAR Archive_Tar <1.4.3 - Code Injection
PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with useful gadget is loaded, it may possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4.
CVSS 8.8
CVE-2019-3810 EXPLOITDB MEDIUM text WORKING POC
moodle 3.1.0-3.1.15 3.6.0-3.6.1 - Cross-Site Scripting in User Profile Image Hover Text
A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.
CVSS 6.1