zenofex

13 exploits Active since Sep 2017
CVE-2019-16759 METASPLOIT CRITICAL ruby WORKING POC
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
CVSS 9.8
CVE-2020-26134 WRITEUP MEDIUM WORKING POC
Live Helper Chat < 3.44 - Stored Cross-Site Scripting via BBCode in Chat Messages
Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode.
CVSS 6.1
CVE-2020-26135 WRITEUP MEDIUM WORKING POC
Live Helper Chat < 3.44 - Reflected Cross-Site Scripting via setsettingajax PATH_INFO
Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO.
CVSS 6.1
CVE-2020-12720 METASPLOIT CRITICAL ruby WORKING POC
vBulletin <5.5.6pl1, <5.6.0pl1, <5.6.1pl1 - Privilege Escalation
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
CVSS 9.8
CVE-2020-17496 METASPLOIT CRITICAL ruby WORKING POC
vBulletin 5.5.4-5.6.2 - Remote Command Execution via subWidgets Data in AJAX Widget Renderer
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
CVSS 9.8
CVE-2020-12720 METASPLOIT CRITICAL ruby WORKING POC
vBulletin <5.5.6pl1, <5.6.0pl1, <5.6.1pl1 - Privilege Escalation
vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control.
CVSS 9.8
CVE-2017-13067 METASPLOIT CRITICAL ruby WORKING POC
QNAP QTS Media Library < 4.2.6/4.3.3.0299 - Unauthenticated RCE via Transcoding
QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.
CVSS 9.8
CVE-2017-17560 METASPLOIT CRITICAL ruby WORKING POC
Western Digital MyCloud PR4100 2.30.172 - Unauthenticated Arbitrary File Write and RCE via Multi Uploadify
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.
CVSS 9.8
EIP-2026-113010 EXPLOITDB text WORKING POC
vBulletin 5.6.2 - 'widget_tabbedContainer_tab_panel' Remote Code Execution
EIP-2026-113009 EXPLOITDB python WORKING POC
vBulletin 5.6.1 - 'nodeId' SQL Injection
CVE-2017-17560 EXPLOITDB CRITICAL ruby WORKING POC
Western Digital MyCloud PR4100 2.30.172 - Unauthenticated Arbitrary File Write and RCE via Multi Uploadify
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.
CVSS 9.8
EIP-2026-101414 EXPLOITDB ruby WORKING POC
QNAP Transcode Server - Command Execution (Metasploit)
EIP-2026-101431 EXPLOITDB python WORKING POC
Samsung Smart Home Camera SNH-P-6410 - Command Injection