s4vitar

11 exploits, active since Mar 2019
CVE-2019-9599 NOMISEC HIGH WORKING POC
AirDroid < 4.2.1.6 - Denial of Service via sdctl/comm/lite_auth Requests
The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of service (service crash) via many simultaneous sdctl/comm/lite_auth/ requests.
65 stars
CVSS 7.5
CVE-2019-9834 EXPLOITDB MEDIUM text WORKING POC
netdata < 1.13.0 - HTML Injection via Snapshot Import
The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. NOTE: the vendor disputes the risk because there is a clear warning next to the button for importing a snapshot.
CVSS 6.1
EIP-2026-103025 EXPLOITDB bash WORKING POC
Ubuntu 18.04 - 'lxd' Privilege Escalation
CVE-2019-17624 EXPLOITDB HIGH python WORKING POC
X.Org X Server < 1.20.4 - Stack-Based Buffer Overflow in XQueryKeymap
In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow.
CVSS 7.8
EIP-2026-102800 EXPLOITDB bash WORKING POC
CentOS 7.6 - 'ptrace_scope' Privilege Escalation
CVE-2019-9599 EXPLOITDB HIGH bash WORKING POC
AirDroid < 4.2.1.6 - Denial of Service via sdctl/comm/lite_auth Requests
The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of service (service crash) via many simultaneous sdctl/comm/lite_auth/ requests.
CVSS 7.5
CVE-2019-9833 EXPLOITDB HIGH python WORKING POC
screen_stream < 3.0.15 - Denial of Service via Simultaneous Start-Stop Requests
The Screen Stream application through 3.0.15 for Android allows remote attackers to cause a denial of service via many simultaneous /start-stop requests.
CVSS 7.5
CVE-2019-9832 EXPLOITDB HIGH c WORKING POC
AirDrop < 2.0 - Denial of Service via Socket Connection Flood
The AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port.
CVSS 7.5
CVE-2019-9831 EXPLOITDB HIGH python WORKING POC
AirMore < 1.6.1 - Denial of Service via PhoneRequestAuthorization Request Flood
The AirMore application through 1.6.1 for Android allows remote attackers to cause a denial of service (system hang) via many simultaneous /?Key=PhoneRequestAuthorization requests.
CVSS 7.5
CVE-2019-9601 EXPLOITDB HIGH python WORKING POC
ApowerManager < 3.1.7 - Denial of Service via PhoneRequestAuthorization Request Flood
The ApowerManager application through 3.1.7 for Android allows remote attackers to cause a denial of service via many simultaneous /?Key=PhoneRequestAuthorization requests.
CVSS 7.5
CVE-2019-9600 EXPLOITDB HIGH python WORKING POC
The Olive Tree FTP Server < 1.32 - Denial of Service via Connection Flood
The Olive Tree FTP Server (aka com.theolivetree.ftpserver) application through 1.32 for Android allows remote attackers to cause a denial of service via a client that makes many connection attempts and drops certain packets.
CVSS 7.5