haile01

5 exploits Active since Dec 2023
CVE-2023-7101 METASPLOIT HIGH ruby WORKING POC
Spreadsheet::ParseExcel < 0.65 - Remote Code Execution via Number Format String Eval
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.
CVSS 7.8
CVE-2023-7102 METASPLOIT CRITICAL ruby WORKING POC
Barracuda ESG Appliance <9.2.1.001 - Parameter Injection
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
CVSS 9.8
CVE-2023-7101 WRITEUP HIGH WORKING POC
Spreadsheet::ParseExcel < 0.65 - Remote Code Execution via Number Format String Eval
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.
CVSS 7.8
CVE-2023-7102 WRITEUP CRITICAL WORKING POC
Barracuda ESG Appliance <9.2.1.001 - Parameter Injection
Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.
CVSS 9.8
CVE-2024-22368 WRITEUP MEDIUM WRITEUP
Spreadsheet::ParseXLSX <0.28 - Info Disclosure
The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.
CVSS 5.5