farisv - Security Researcher - Exploit Intelligence Platform

CVE-2018-16509 NOMISEC HIGH WORKING POC

Artifex Ghostscript <9.24 - Privilege Escalation

An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.

58 stars

CVSS 7.8

View Code

CVE-2018-19126 NOMISEC CRITICAL WORKING POC

Prestashop < 1.6.1.23 - Unrestricted File Upload

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.

40 stars

CVSS 9.8

View Code

CVE-2018-4407 NOMISEC HIGH WORKING POC

Apple Iphone OS < 12.0 - Memory Corruption

A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.

25 stars

CVSS 8.8

View Code

CVE-2019-3810 NOMISEC MEDIUM WORKING POC

Moodle < 3.1.15 - XSS

A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.

17 stars

CVSS 6.1

View Code

CVE-2018-20795 EXPLOITDB HIGH text WORKING POC

Tecrail Responsive Filemanager - Path Traversal

tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary files via path traversal with the path parameter, through the copy_cut action in ajax_calls.php and the paste_clipboard action in execute.php.

CVSS 7.5

View Code

CVE-2018-20794 EXPLOITDB HIGH text WORKING POC

Tecrail Responsive Filemanager - Path Traversal

tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary image file (jpg/jpeg/png) via path traversal with the path parameter, through the save_img action in ajax_calls.php.

CVSS 7.5

View Code

CVE-2018-20793 EXPLOITDB HIGH text WORKING POC

Tecrail Responsive Filemanager - Path Traversal

tecrail Responsive FileManager 9.13.4 allows remote attackers to write to an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass, through the create_file action in execute.php.

CVSS 7.5

View Code

CVE-2018-20792 EXPLOITDB HIGH text WORKING POC

Tecrail Responsive Filemanager - Path Traversal

tecrail Responsive FileManager 9.13.4 allows remote attackers to read arbitrary file via path traversal with the path parameter, through the get_file action in ajax_calls.php.

CVSS 7.5

View Code

CVE-2018-20791 EXPLOITDB MEDIUM text WORKING POC

Tecrail Responsive Filemanager - XSS

tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action.

CVSS 6.1

View Code

CVE-2018-20790 EXPLOITDB HIGH text WORKING POC

Tecrail Responsive Filemanager - Path Traversal

tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary file as a consequence of a paths[0] path traversal mitigation bypass through the delete_file action in execute.php.

CVSS 7.5

View Code

CVE-2018-20789 EXPLOITDB HIGH text WORKING POC

Tecrail Responsive Filemanager - Path Traversal

tecrail Responsive FileManager 9.13.4 allows remote attackers to delete an arbitrary directory as a consequence of a paths[0] path traversal mitigation bypass through the delete_folder action in execute.php.

CVSS 7.5

View Code

CVE-2018-19125 EXPLOITDB HIGH php WORKING POC

PrestaShop <1.6.1.23, <1.7.4.4 - Path Traversal

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to delete an image directory.

CVSS 7.5

View Code

CVE-2018-19126 EXPLOITDB CRITICAL php WORKING POC

Prestashop < 1.6.1.23 - Unrestricted File Upload

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload.

CVSS 9.8

View Code

CVE-2018-1000888 EXPLOITDB HIGH text WORKING POC

PEAR Archive_Tar <1.4.3 - Code Injection

PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with `$v_header['filename']` as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can trigger unserialization by crafting a tar file with `phar://[path_to_malicious_phar_file]` as path. Object injection can be used to trigger destruct in the loaded PHP classes, e.g. the Archive_Tar class itself. With Archive_Tar object injection, arbitrary file deletion can occur because `@unlink($this->_temp_tarname)` is called. If another class with useful gadget is loaded, it may possible to cause remote code execution that can result in files being deleted or possibly modified. This vulnerability appears to have been fixed in 1.4.4.

CVSS 8.8

View Code

CVE-2019-3810 EXPLOITDB MEDIUM text WORKING POC

Moodle < 3.1.15 - XSS

A flaw was found in moodle versions 3.6 to 3.6.1, 3.5 to 3.5.3, 3.4 to 3.4.6, 3.1 to 3.1.15 and earlier unsupported versions. The /userpix/ page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.

CVSS 6.1

View Code