0xEmma

7 exploits, active since Feb 2020
CVE-2020-9337 GITHUB MEDIUM WRITEUP
GolfBuddy Course Manager 1.1 - Inadequate Encryption Strength via Base64-Encoded Password Transmission
In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.
4 stars
CVSS 6.5
CVE-2020-8510 GITHUB CRITICAL WRITEUP
phpABook 0.9 Intermediate - Auth Bypass
An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can log in as any user without a password.
4 stars
CVSS 9.8
CVE-2020-9336 WRITEUP MEDIUM WRITEUP
fauzantrif eLection 2.0 - Stored Cross-Site Scripting via Election Closed Message Field
fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings -> Election -> "message if election is closed" field.
CVSS 5.4
CVE-2020-9337 WRITEUP MEDIUM WRITEUP
GolfBuddy Course Manager 1.1 - Inadequate Encryption Strength via Base64-Encoded Password Transmission
In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.
CVSS 6.5
CVE-2020-9338 WRITEUP MEDIUM WRITEUP
SOPlanning 1.45 - Stored Cross-Site Scripting via Your SoPlanning URL Field
SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.
CVSS 5.4
CVE-2020-9339 WRITEUP MEDIUM WRITEUP
SOPlanning 1.45 - Stored Cross-Site Scripting via Status Name or Comment
SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
CVSS 5.4
CVE-2020-12242 EXPLOITDB HIGH text WORKING POC
Valve Source - Local Privilege Escalation via /tmp/hl2_relaunch File Execution
Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account.
CVSS 7.8