0xSojalSec

5 exploits Active since Mar 2018
CVE-2022-1609 NOMISEC CRITICAL WORKING POC
Weblizar School Management < 9.9.7 - Code Injection
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in its license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
3 stars
CVSS 9.8
CVE-2017-17736 NOMISEC CRITICAL STUB
Kentico - Installer Privilege Escalation
Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.
2 stars
CVSS 9.8
CVE-2022-1609 NOMISEC CRITICAL WORKING POC
Weblizar School Management < 9.9.7 - Code Injection
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in its license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
CVSS 9.8
CVE-2011-2523 NOMISEC CRITICAL WORKING POC
Vsftpd - OS Command Injection
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
CVSS 9.8
CVE-2011-2523 NOMISEC CRITICAL WORKING POC
Vsftpd - OS Command Injection
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
CVSS 9.8