rungga_reksya

6 exploits Active since Mar 2017
CVE-2017-7446 EXPLOITDB HIGH text WORKING POC
HelpDEZk 1.1.1 - Cross-Site Request Forgery in Admin Person Management
HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.
CVSS 8.8
EIP-2026-118012 EXPLOITDB ruby WORKING POC
Tomabo MP4 Player 3.11.6 - Local Stack Overflow (SEH) (Metasploit)
CVE-2017-7402 EXPLOITDB CRITICAL text WORKING POC
Pixie 1.0.4 - Authenticated Remote Code Execution via Double Extension File Upload
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.
CVSS 9.8
CVE-2017-7447 EXPLOITDB HIGH text WORKING POC
HelpDEZk 1.1.1 - Cross-Site Request Forgery in Logo Upload
HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code.
CVSS 8.8
CVE-2017-7571 EXPLOITDB HIGH text WORKING POC
Faveo 1.9.3 - Cross-Site Request Forgery in Role Change Admin
public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges.
CVSS 8.0
CVE-2017-6823 EXPLOITDB HIGH text WORKING POC
Fiyo CMS 2.0.6.1 - Privilege Escalation
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.
CVSS 8.8