0x7eTeam

6 exploits Active since Feb 2022
CVE-2022-0543 NOMISEC CRITICAL WORKING POC
Redis Lua Sandbox Escape
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
95 stars
CVSS 10.0
CVE-2022-22947 NOMISEC CRITICAL WORKING POC
Spring Cloud Gateway Remote Code Execution
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
36 stars
CVSS 10.0
CVE-2023-26256 NOMISEC HIGH WORKING POC
STAGIL Navigation for Jira <2.0.52 - Path Traversal
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.
32 stars
CVSS 7.5
CVE-2022-1388 NOMISEC CRITICAL WORKING POC
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
6 stars
CVSS 9.8
CVE-2022-22916 NOMISEC CRITICAL WORKING POC
Zoneland O2oa - Remote Code Execution
O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.
4 stars
CVSS 9.8
CVE-2022-22916 INTHEWILD CRITICAL WRITEUP
Zoneland O2oa - Remote Code Execution
O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerability via /x_program_center/jaxrs/invoke.
CVSS 9.8