0xEmma

7 exploits Active since Feb 2020
CVE-2020-9337 GITHUB MEDIUM WRITEUP
Golfbuddyglobal Course Manager - Information Disclosure
In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.
4 stars
CVSS 6.5
CVE-2020-8510 GITHUB CRITICAL WRITEUP
phpABook 0.9 Intermediate - Auth Bypass
An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can log in as any user without a password.
4 stars
CVSS 9.8
CVE-2020-9336 WRITEUP MEDIUM WRITEUP
Fauzantrif Election - XSS
fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings -> Election -> "message if election is closed" field.
CVSS 5.4
CVE-2020-9337 WRITEUP MEDIUM WRITEUP
Golfbuddyglobal Course Manager - Information Disclosure
In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.
CVSS 6.5
CVE-2020-9338 WRITEUP MEDIUM WRITEUP
Soplanning - XSS
SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.
CVSS 5.4
CVE-2020-9339 WRITEUP MEDIUM WRITEUP
Soplanning - XSS
SOPlanning 1.45 allows XSS via the Name or Comment to status.php.
CVSS 5.4
CVE-2020-12242 EXPLOITDB HIGH text WORKING POC
Valvesoftware Source - OS Command Injection
Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account.
CVSS 7.8