Author: Dawid Golunski

Country: pl

Reported research: 36

Advisories

Risk	Topic & Details
High	GNU wget Arbitrary File Upload / Code Execution (CVE assigned) Remote \| 2021-04-30
High	Gita <= 2.29.2 - Remote Code Execution (RCE) via git-lfs (CVE assigned) Remote Local \| 2020-11-06
High	Vanilla Forums <= 2.3 Remote Code Execution (RCE) PoC Exploit 0day (CVE assigned) Remote \| 2017-05-12
High	WordPress Core 4.6 Unauthenticated Remote Code Execution Full Advisory (CVE assigned) Remote \| 2017-05-05
High	WordPress 4.6 Unauthenticated Remote Code Execution (RCE) PoC Exploit (CVE assigned) Remote \| 2017-05-03
High	SquirrelMail < 1.4.22 - Remote Code Execution (CVE assigned) Remote \| 2017-04-24
High	Nginx Deb Root PrivEsc Exploit (CVE assigned) Local \| 2017-01-13
High	Zend Framework / zend-mail < 2.4.11 Remote Code Execution Exploit (CVE assigned) Remote \| 2016-12-31
High	PHPMailer 5.2.17 Remote Code Execution Exploit (python) (CVE assigned) Remote \| 2016-12-30
High	SwiftMailer Remote Code Execution (CVE assigned) Remote \| 2016-12-30
High	PHPMailer < 5.2.18 Remote Code Execution (CVE assigned) Remote \| 2016-12-26
High	Nagios Core Curl Command Injection / Code Execution (CVE assigned) Remote \| 2016-12-15
Med.	GNU Wget < 1.18 - Access List Bypass / Race Condition (CVE assigned) Remote \| 2016-11-25
Med.	Nginx (Debian-Based Distros) Root Privilege Escalation (CVE assigned) Remote \| 2016-11-17
Med.	MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x 'mysql' System User Privilege Escalation (CVE assigned) Local \| 2016-11-02
Med.	MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x 'root' Privilege Escalation (CVE assigned) Local \| 2016-11-02
High	Apache Tomcat 8 / 7 / 6 Privilege Escalation (CVE assigned) Remote \| 2016-10-10
High	Tomcat packaging on Debian-based distros - Local Root Privilege Escalation (CVE assigned) Local \| 2016-10-01
High	MySQL <= 5.7/5.6/5.5 Remote Root Code Execution / Privilege Escalation (0day) (CVE assigned) Remote \| 2016-09-12
High	Adobe ColdFusion 11 XML External Entity Injection (CVE assigned) Remote \| 2016-09-08
Med.	vBulletin 5.2.2 - Preauth Server Side Request Forgery (SSRF) (CVE assigned) Remote \| 2016-08-11
High	GNU Wget Arbitrary File Upload / Potential Remote Code Execution (CVE assigned) Remote \| 2016-07-07
Low	CakePHP Framework <= 3.2.4 IP Spoofing Vulnerability Remote \| 2016-05-13
Med.	Exim < 4.86.2 Local Privilege Escalation (CVE assigned) Local \| 2016-03-11
High	Google AdWords API client libraries - XML eXternal Entity Injection (XXE) Remote \| 2015-11-09
High	eBay Magento XXE Injection Remote \| 2015-10-31
High	Kirby CMS 2.1.0 Authentication Bypass / Traversal Remote \| 2015-09-18
High	Kirby CMS 2.1.0 CSRF / Shell Upload Remote \| 2015-09-18
High	Zend Framework 2.4.2 / 1.12.13 XXE Injection (CVE assigned) Remote \| 2015-08-13
High	check_dhcp 2.0.2 (Nagios) Arbitrary Option File Read Race Condition Remote \| 2014-06-29

Author: Dawid Golunski

Country: pl

Reported research: 36

Advisories

High

GNU wget Arbitrary File Upload / Code Execution (CVE assigned)

Remote | 2021-04-30

High

Gita <= 2.29.2 - Remote Code Execution (RCE) via git-lfs (CVE assigned)

Remote Local | 2020-11-06

High

Vanilla Forums <= 2.3 Remote Code Execution (RCE) PoC Exploit 0day (CVE assigned)

Remote | 2017-05-12

High

WordPress Core 4.6 Unauthenticated Remote Code Execution Full Advisory (CVE assigned)

Remote | 2017-05-05

High

WordPress 4.6 Unauthenticated Remote Code Execution (RCE) PoC Exploit (CVE assigned)

Remote | 2017-05-03

High

SquirrelMail < 1.4.22 - Remote Code Execution (CVE assigned)

Remote | 2017-04-24

High

Nginx Deb Root PrivEsc Exploit (CVE assigned)

Local | 2017-01-13

High

Zend Framework / zend-mail < 2.4.11 Remote Code Execution Exploit (CVE assigned)

Remote | 2016-12-31

High

PHPMailer 5.2.17 Remote Code Execution Exploit (python) (CVE assigned)

Remote | 2016-12-30

High

SwiftMailer Remote Code Execution (CVE assigned)

Remote | 2016-12-30

High

PHPMailer < 5.2.18 Remote Code Execution (CVE assigned)

Remote | 2016-12-26

High

Nagios Core Curl Command Injection / Code Execution (CVE assigned)

Remote | 2016-12-15

Med.

GNU Wget < 1.18 - Access List Bypass / Race Condition (CVE assigned)

Remote | 2016-11-25

Med.

Nginx (Debian-Based Distros) Root Privilege Escalation (CVE assigned)

Remote | 2016-11-17

Med.

MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x 'mysql' System User Privilege Escalation (CVE assigned)

Local | 2016-11-02

Med.

MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x 'root' Privilege Escalation (CVE assigned)

Local | 2016-11-02

High

Apache Tomcat 8 / 7 / 6 Privilege Escalation (CVE assigned)

Remote | 2016-10-10

High

Tomcat packaging on Debian-based distros - Local Root Privilege Escalation (CVE assigned)

Local | 2016-10-01

High

MySQL <= 5.7/5.6/5.5 Remote Root Code Execution / Privilege Escalation (0day) (CVE assigned)

Remote | 2016-09-12

High

Adobe ColdFusion 11 XML External Entity Injection (CVE assigned)

Remote | 2016-09-08

Med.

vBulletin 5.2.2 - Preauth Server Side Request Forgery (SSRF) (CVE assigned)

Remote | 2016-08-11

High

GNU Wget Arbitrary File Upload / Potential Remote Code Execution (CVE assigned)

Remote | 2016-07-07

Low

CakePHP Framework <= 3.2.4 IP Spoofing Vulnerability

Remote | 2016-05-13

Med.

Exim < 4.86.2 Local Privilege Escalation (CVE assigned)

Local | 2016-03-11

High

Google AdWords API client libraries - XML eXternal Entity Injection (XXE)

Remote | 2015-11-09

High

- Twitter Link
- Website Link
- Zone-H Link
- Description of profile
- email (let us know if you want show public)