hyp3rlinx

260 exploits, active since Jun 2015
CVE-2018-4863 EXPLOITDB MEDIUM text WORKING POC
Sophos Endpoint Protection - Security Feature Bypass
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.
CVSS 5.5
CVE-2018-9233 EXPLOITDB HIGH text WRITEUP
Sophos Endpoint Protection 10.7 - Info Disclosure
Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for password storage in %PROGRAMDATA%\Sophos\Sophos Anti-Virus\Config\machine.xml, which makes it easier for attackers to determine a cleartext password, and subsequently choose unsafe malware settings, via rainbow tables or other approaches.
CVSS 7.8
CVE-2022-47529 EXPLOITDB MEDIUM text WORKING POC
RSA NetWitness <12.2 - Privilege Escalation
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.
CVSS 6.7
EIP-2026-118117 EXPLOITDB text WORKING POC
Windows TCPIP Finger Command - C2 Channel and Bypassing Security Software
CVE-2017-9355 EXPLOITDB HIGH text WORKING POC
Subsonic 6.1.1 - SSRF
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
CVSS 7.4
CVE-2020-13866 EXPLOITDB HIGH text WRITEUP
Qbik Wingate - Incorrect Permission Assignment
WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
CVSS 7.8
EIP-2026-117502 EXPLOITDB text WORKING POC
Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection
EIP-2026-117507 EXPLOITDB text WORKING POC
Microsoft PowerShell - XML External Entity Injection
CVE-2018-8532 EXPLOITDB MEDIUM text WORKING POC
Microsoft SQL Server Management Studio <18.0 - Info Disclosure
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533.
CVSS 5.5
EIP-2026-117500 EXPLOITDB text WORKING POC
Microsoft Internet Explorer 11 - XML External Entity Injection
EIP-2026-117486 EXPLOITDB text WORKING POC
Microsoft Excel Starter 2010 - XML External Entity Injection
EIP-2026-117491 EXPLOITDB text WORKING POC
Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection
CVE-2018-8533 EXPLOITDB MEDIUM text WORKING POC
Microsoft SQL Server Management Studio <18 - Info Disclosure
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532.
CVSS 5.5
EIP-2026-117497 EXPLOITDB text WORKING POC
Microsoft Internet Explorer / ActiveX Control - Security Bypass
EIP-2026-117477 EXPLOITDB text WORKING POC
Microsoft Authorization Manager 6.1.7601 - 'azman' XML External Entity Injection
EIP-2026-117478 EXPLOITDB text WORKING POC
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection
EIP-2026-117480 EXPLOITDB text WORKING POC
Microsoft Enterprise Mode Site List Manager - XML External Entity Injection
CVE-2025-24054 EXPLOITDB MEDIUM text WRITEUP
Windows NTLM - Path Traversal
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVSS 6.5
EIP-2026-117439 EXPLOITDB python WORKING POC
MakeSFX.exe 1.44 - Local Stack Buffer Overflow
EIP-2026-117544 EXPLOITDB text WORKING POC
Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
CVE-2019-0948 EXPLOITDB MEDIUM text WORKING POC
Windows Event Viewer - Info Disclosure
An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to import the file. The update addresses the vulnerability by modifying the way that the Event Viewer parses XML input.
CVSS 4.7
EIP-2026-117443 EXPLOITDB text WORKING POC
Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions
EIP-2026-117707 EXPLOITDB python WORKING POC
NScan 0.9.1 - 'Target' Local Buffer Overflow
EIP-2026-117727 EXPLOITDB text WORKING POC
Oracle - 'HtmlConverter.exe' Local Buffer Overflow
EIP-2026-117568 EXPLOITDB text WORKING POC
Microsoft Windows FxCop 10/12 - XML External Entity Injection