0xrobiul

5 exploits Active since Aug 2018
CVE-2023-38646 NOMISEC CRITICAL WORKING POC
Metabase < 0.46.6.1 and < 1.46.6.1 - Unauthenticated Remote Code Execution
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
15 stars
CVSS 9.8
CVE-2021-41349 NOMISEC MEDIUM WRITEUP
Microsoft Exchange Server - Spoofing
Microsoft Exchange Server Spoofing Vulnerability
5 stars
CVSS 6.5
CVE-2022-22965 NOMISEC CRITICAL WORKING POC
Spring Framework - Remote Code Execution via Data Binding
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
3 stars
CVSS 9.8
CVE-2023-49070 NOMISEC CRITICAL WORKING POC
Apache OFBiz < 18.12.10 - Unauthenticated Remote Code Execution via XML-RPC
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10
1 stars
CVSS 9.8
CVE-2018-15473 NOMISEC MEDIUM WORKING POC
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
1 stars
CVSS 5.3