hyp3rlinx

260 exploits Active since Jun 2015
EIP-2026-119370 EXPLOITDB text WORKING POC
FTGate 2009 Build 6.4.00 - Multiple Vulnerabilities
CVE-2017-14086 EXPLOITDB HIGH text WORKING POC
Trend Micro OfficeScan 11.0 - Use After Free
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.
CVSS 7.5
CVE-2018-6940 EXPLOITDB MEDIUM text WORKING POC
nat32 - Remote Code Execution via /shell?cmd= XSS and CSRF
A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF.
CVSS 6.1
EIP-2026-119422 EXPLOITDB text WORKING POC
ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection
CVE-2017-9415 EXPLOITDB HIGH text WORKING POC
subsonic 6.1.1 - Cross-Site Request Forgery via userSettings.view
Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.
CVSS 7.5
EIP-2026-119659 EXPLOITDB text WORKING POC
Microsoft Excel 2016 1901 - XML External Entity Injection
CVE-2024-22318 EXPLOITDB MEDIUM text WRITEUP
IBM i Access Client Solutions <1.1.2-1.1.4, <1.1.4.3-1.1.9.4 - Info...
IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.
CVSS 5.1
EIP-2026-119661 EXPLOITDB text WORKING POC
Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass
EIP-2026-119663 EXPLOITDB text WORKING POC
Visual Studio 2008 - XML External Entity Injection
EIP-2026-119655 EXPLOITDB text WRITEUP
Windows PowerShell - Event Log Bypass Single Quote Code Execution
EIP-2026-119665 EXPLOITDB text WORKING POC
Winrar 5.80 - XML External Entity Injection
CVE-2018-7756 EXPLOITDB CRITICAL text WORKING POC
DEWESoft X3 SP1 - Unauthenticated Remote Code Execution via RunExeFile.exe TCP Port 1999
RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a "SETFIREWALL Off" command.
CVSS 9.8
CVE-2018-6941 EXPLOITDB HIGH text WORKING POC
nat32 v2.2 Build 22284 - Cross-Site Request Forgery via /shell?cmd= Endpoint
A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.
CVSS 8.8
EIP-2026-119453 EXPLOITDB text WRITEUP
Wing FTP Server Admin 4.4.5 - Multiple Vulnerabilities
EIP-2026-119513 EXPLOITDB c WORKING POC
Argus Surveillance DVR 4.0.0.0 - Privilege Escalation
EIP-2026-119642 EXPLOITDB text WORKING POC
Microsoft Windows Defender - VBScript Detection Bypass
EIP-2026-119643 EXPLOITDB text WORKING POC
Microsoft Windows Defender Bypass - Detection Mitigation Bypass
CVE-2018-15745 EXPLOITDB HIGH text WORKING POC
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.
CVSS 7.5
EIP-2026-119667 EXPLOITDB text WORKING POC
Microsoft Windows mshta.exe 2019 - XML External Entity Injection
CVE-2017-7237 EXPLOITDB CRITICAL text WRITEUP
Spiceworks Inventory <7.5 - Path Traversal
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.
CVSS 9.8
CVE-2017-14084 EXPLOITDB HIGH text WRITEUP
Trend Micro OfficeScan 11.0 and XG (12.0) - Remote Code Execution via Man-in-the-Middle Attack
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
CVSS 8.1
CVE-2018-17980 EXPLOITDB HIGH c WORKING POC
NoMachine < 5.3.27 and 6.x < 6.3.6 - Untrusted Search Path via Trojan Horse wintab32.dll
NoMachine before 5.3.27 and 6.x before 6.3.6 allows attackers to gain privileges via a Trojan horse wintab32.dll file located in the same directory as a .nxs file, as demonstrated by a scenario where the .nxs file and the DLL are in the current working directory, and the Trojan horse code is executed. (The directory could, in general, be on a local filesystem or a network share.).
CVSS 7.8
CVE-2018-12589 EXPLOITDB HIGH c WORKING POC
Polaris Office 2017 8.1 - Remote Code Execution via Trojan Horse DLL in Current Working Directory
Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory.
CVSS 7.8
EIP-2026-119076 EXPLOITDB text WORKING POC
Rapid PHP Editor 14.1 - Remote Command Execution
CVE-2017-7455 EXPLOITDB HIGH text WORKING POC
Moxa MXView 2.8 - Unauthenticated Exposure of Sensitive Information via Private Key File
Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.
CVSS 7.5