fs0c131y - Security Researcher - Exploit Intelligence Platform

CVE-2019-6447 NOMISEC HIGH WORKING POC

ES File Explorer File Manager < 4.1.9.7.4 - Unauthenticated Arbitrary File Read via TCP Port 59777

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.

677 stars

CVSS 8.1

View Code

CVE-2018-20555 NOMISEC CRITICAL WORKING POC

Design Chemical Social Network Tabs 1.7.1 - Exposure of Sensitive Twitter Credentials via dcwp_twitter.php

The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover.

73 stars

CVSS 9.8

View Code

CVE-2019-6447 GITLAB HIGH WORKING POC

ES File Explorer File Manager < 4.1.9.7.4 - Unauthenticated Arbitrary File Read via TCP Port 59777

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.

CVSS 8.1

View Code

CVE-2019-12087 WRITEUP MEDIUM WORKING POC

Samsung S9+, S10, XCover 4 P(9.0) - DoS

Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. For example, the victim becomes stuck in a launcher with their Secure Folder locked. NOTE: the researcher mentions "the Samsung Security Team considered this issue as no/little security impact.

CVSS 5.5

View Code

CVE-2019-6447 METASPLOIT HIGH ruby WORKING POC

ES File Explorer File Manager < 4.1.9.7.4 - Unauthenticated Arbitrary File Read via TCP Port 59777

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.

CVSS 8.1

View Code