jacob-baines

3 exploits Active since Mar 2017
CVE-2021-41579 WRITEUP HIGH WRITEUP
LCDS LAquis SCADA <= 4.3.1.1085 - Path Traversal and Arbitrary File Write via Malicious ELS Project File
LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass and path traversal. If an attacker can get a victim to load a malicious els project file and use the play feature, then the attacker can bypass a consent popup and write arbitrary files to OS locations where the user has permission, leading to code execution.
CVSS 7.8
CVE-2013-4863 VULNCHECK_XDB HIGH WORKING POC
MiCasaVerde VeraLite <1.5.408 - RCE
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.
CVSS 8.8
CVE-2016-6255 VULNCHECK_XDB HIGH WORKING POC
Portable UPnP SDK <1.6.21 - Code Injection
Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
CVSS 7.5