Vulnerabilities and exploits
This is a partial list of CVEs that have my name attached to them, as well as some exploits that I have written.
CVE
2020
- CVE-2020-12627: Calibre-Web 0.6.6 allows authentication bypass because of the "A0Zr98j/3yX R~XHH!jmN]LWX/,?RT" hardcoded secret key, likely leading to an RCE. (fix)
2019
- CVE-2019-20907: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. (bug)
- CVE-2019-10907: Password stored as md5 in the remember-me cookie in airsonic (fix)
- CVE-2019-10908: Lack of randomness when generating passwords in airsonic (fix)
2014
- CVE-2014-4731: Non-constant time comparison in FreeRADIUS EAP-PWD implementation (fix)
- CVE-2014-4732: Cryptographic material might be left behind in FreeRADIUS EAP-PWD implementation (fix)
- CVE-2014-4733: Lack of check for sufficient randomness in FreeRADIUS EAP-PWD implementation (fix)
2013
- CVE-2013-7351: Multiple reflected XSS in Shaarli (fix)
Original exploits and vulnz
2019
- no CVE: A significant amount of stored/reflected/DOM XSS in airsonic (fixes)
- no CVE: Authenticated path traversal leading to an RCE in airsonic (fixes)
2017
- no CVE: LibreNMS unauthenticated remote code execution, not even sure if fixed (exploit)
- no CVE: Authentication bypass in Baikal, ~silently fixed (details)
- no CVE: Authenticated arbitrary code execution in Baikal (details)
2016
- no CVE: Observium is terrible, not even sure if fixed (exploit)
Metasploit modules
2017
- CVE-2017-7615: Unauthenticated password reset in MantisBT (exploit)
- CVE-2017-5982: Arbitrary file read in Kodi (exploit)
2015
- CVE-2014-0476: Local root in chkrootkit (exploit)
- CVE-2015-7808: Unauthenticated remote code execution in vBulletin (exploit)
- CVE-2015-5161: Unauthenticated arbitrary file read in Magento (exploit)
- CVE-2015-1397: Unauthenticated remote code execution in Magento (exploit)