Author: h00die

Country:

Reported research: 34

Advisories

Risk	Topic & Details
High	WordPress Pie Register 3.7.1.4 Authentication Bypass / Remote Code Execution Remote \| 2021-11-02
High	Moodle Admin Shell Upload Remote \| 2021-10-12
High	Moodle SpellChecker Path Authenticated Remote Command Execution (CVE assigned) Remote \| 2021-10-12
Med.	Moodle Teacher Enrollment Privilege Escalation / Remote Code Execution (CVE assigned) Remote \| 2021-10-12
Med.	Pi-Hole Remove Commands Linux Privilege Escalation Local \| 2021-08-01
High	Cacti 1.2.12 SQL Injection / Remote Command Execution Remote \| 2021-06-02
High	Cockpit CMS 0.11.1 NoSQL Injection / Remote Command Execution (CVE assigned) Remote \| 2021-04-21
High	WordPress AIT CSV Import/Export 3.0.3 Shell Upload Remote \| 2021-01-13
High	Pulse Secure VPN Remote Code Execution Remote \| 2020-12-19
Low	WordPress Simple File List Unauthenticated Remote Code Execution Remote \| 2020-11-25
High	Plex Unpickle Dict Windows Remote Code Execution Remote \| 2020-07-18
High	Pi-Hole 3.3 Command Execution Local \| 2020-05-27
High	Synology DiskStation Manager smart.cgi Remote Command Execution Remote \| 2020-05-23
Med.	VMware Fusion USB Arbitrator Setuid Privilege Escalation Local \| 2020-04-03
Med.	Android Janus APK Signature bypass (CVE assigned) Local \| 2019-11-08
High	Apache Tika 1.17 Header Command Injection Remote \| 2019-08-03
High	PHP imap_open Remote Code Execution Remote \| 2018-11-29
Med.	Unitrends Enterprise Backup bpserverd Privilege Escalation Local \| 2018-11-29
Med.	Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation (CVE assigned) Remote \| 2018-08-03
Med.	Linux BPF Sign Extension Local Privilege Escalation (CVE assigned) Local \| 2018-07-19
High	IPFire proxy.cgi Remote Code Execution Remote \| 2017-07-22
Med.	Linux BPF Local Privilege Escalation Exploit (CVE assigned) Local \| 2016-11-15
Med.	Panda Security PSEvents Privilege Escalation Local \| 2016-10-23
Med.	Linux Kernel 3.13.1 Recvmmsg Privilege Escalation (CVE assigned) Local \| 2016-10-10
Med.	Allwinner 3.4 Legacy Kernel Local Privilege Escalation Local \| 2016-10-10
Med.	Metasploit Service Persistence Module Local \| 2016-08-19
Med.	Metasploit Cron Persistence Module Local \| 2016-08-19
High	Netcore Router Udp 53413 Backdoor Remote \| 2016-08-11
High	Polycom Command Shell Authorization Bypass Remote \| 2016-08-03
High	Werkzeug Debug Shell Command Execution Remote \| 2015-08-18

Author: h00die

Reported research: 34

Advisories

High

Remote | 2021-11-02

High

Remote | 2021-10-12

High

Moodle SpellChecker Path Authenticated Remote Command Execution (CVE assigned)

Remote | 2021-10-12

Med.

Moodle Teacher Enrollment Privilege Escalation / Remote Code Execution (CVE assigned)

Remote | 2021-10-12

Med.

Local | 2021-08-01

High

Remote | 2021-06-02

High

Cockpit CMS 0.11.1 NoSQL Injection / Remote Command Execution (CVE assigned)

Remote | 2021-04-21

High

Remote | 2021-01-13

High

Remote | 2020-12-19

Low

Remote | 2020-11-25

High

Remote | 2020-07-18

High

Local | 2020-05-27

High

Remote | 2020-05-23

Med.

Local | 2020-04-03

Med.

Android Janus APK Signature bypass (CVE assigned)

Local | 2019-11-08

High

Remote | 2019-08-03

High

Remote | 2018-11-29

Med.

Local | 2018-11-29

Med.

Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation (CVE assigned)

Remote | 2018-08-03

Med.

Linux BPF Sign Extension Local Privilege Escalation (CVE assigned)

Local | 2018-07-19

High

Remote | 2017-07-22

Med.

Linux BPF Local Privilege Escalation Exploit (CVE assigned)

Local | 2016-11-15

Med.

Local | 2016-10-23

Med.

Linux Kernel 3.13.1 Recvmmsg Privilege Escalation (CVE assigned)

Local | 2016-10-10

Med.

Local | 2016-10-10

Med.

Local | 2016-08-19

Med.

Local | 2016-08-19

High

Remote | 2016-08-11

High

Remote | 2016-08-03

High

Remote | 2015-08-18

Do you know.. we can display your:

- Twitter Link - Website Link - Zone-H Link - Description of profile - email (let us know if you want show public)

Let's us know! submit@cxsec.org

- Twitter Link
- Website Link
- Zone-H Link
- Description of profile
- email (let us know if you want show public)