ub3rsick

8 exploits Active since Sep 2018
CVE-2022-40684 EXPLOITDB CRITICAL python WORKING POC
Fortinet Fortiproxy < 7.0.7 - Authentication Bypass
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
CVSS 9.8
CVE-2020-5509 EXPLOITDB HIGH python WORKING POC
PHPGurukul Car Rental Project v1.0 - RCE
PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image.
CVSS 7.2
CVE-2022-41358 EXPLOITDB MEDIUM text WORKING POC
Garage Management System v1.0 - XSS
A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php.
CVSS 5.4
CVE-2022-23409 EXPLOITDB MEDIUM text WRITEUP
Ethercreative Logs < 3.0.4 - Path Traversal
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php.
CVSS 4.9
CVE-2018-16606 EXPLOITDB MEDIUM text WRITEUP
Proconf < 6.1 - IDOR
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and grab all submitted papers (Title and Abstract) and their authors' personal information (Name, Email, Organization, and Position) by changing the value of Paper ID (the pid parameter).
CVSS 6.5
CVE-2022-37061 EXPLOITDB CRITICAL python WORKING POC
Flir Ax8 Firmware < 1.46.16 - OS Command Injection
All FLIR AX8 thermal sensor camera versions up to and including 1.46.16 are vulnerable to Remote Command Injection. This can be exploited to inject and execute arbitrary shell commands as the root user through the id HTTP POST parameter in the res.php endpoint. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. NOTE: The vendor has stated that with the introduction of firmware version 1.49.16 (Jan 2023) the FLIR AX8 should no longer be affected by the vulnerability reported. The latest firmware version (as of Oct 2025) is 1.55.16, released Jun 2024.
CVSS 9.8
CVE-2021-33216 EXPLOITDB CRITICAL text WRITEUP
CommScope Ruckus IoT Controller <1.7.1.0 - Privilege Escalation
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account.
CVSS 9.8
CVE-2023-26602 EXPLOITDB CRITICAL text WORKING POC
ASUS ASMB8 iKVM <1.14.51 - RCE
ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.
CVSS 9.8