0xhaggis

8 exploits Active since Jul 2021
CVE-2022-42475 NOMISEC CRITICAL WORKING POC
Fortinet FortiOS < 5.0.14 - Buffer Overflow
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
36 stars
CVSS 9.8
CVE-2021-44168 NOMISEC LOW WORKING POC
Fortinet FortiOS < 6.0.14 - Download Without Integrity Check
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3 may allow a local authenticated attacker to download arbitrary files on the device via specially crafted update packages.
21 stars
CVSS 3.3
CVE-2021-45468 NOMISEC CRITICAL WORKING POC
Imperva Web Application Firewall < 2021-12-23 - HTTP Request Smuggling
Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.
5 stars
CVSS 9.8
CVE-2021-3064 NOMISEC CRITICAL WORKING POC
Palo Alto Networks <8.1.17 - Memory Corruption
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue.
1 star
CVSS 9.8
CVE-2021-35211 NOMISEC CRITICAL WRITEUP
SolarWinds Serv-U <15.2.3 HF2 - RCE
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
1 star
CVSS 9.0
CVE-2021-35211 VULNCHECK_XDB CRITICAL WORKING POC
SolarWinds Serv-U <15.2.3 HF2 - RCE
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
CVSS 9.0
CVE-2021-35211 INTHEWILD CRITICAL WORKING POC
SolarWinds Serv-U <15.2.3 HF2 - RCE
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows before 15.2.3 HF2 are affected by this vulnerability.
CVSS 9.0
CVE-2021-44186 INTHEWILD LOW WORKING POC
Adobe Bridge < 11.1.2 - Out-of-Bounds Read
Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious SGI file.
CVSS 3.3