9lyph

5 exploits Active since Jun 2019
CVE-2022-29593 NOMISEC MEDIUM WORKING POC
Dingtian DT-R002 - RCE
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay captured HTTP POST requests without authentication or a valid signed/authorized request, so a previously observed relay command can be resent verbatim and is acted on.
8 stars
CVSS 5.9
CVE-2019-12836 NOMISEC HIGH WRITEUP
Bobronix JEditor < 3.0.6 - CSRF
The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker to add a URL/link to an existing issue that triggers a forged request to an out-of-origin domain. Because the request is made in the context of an authenticated user, this can lead to theft of session tokens and account takeover.
7 stars
CVSS 8.8
CVE-2020-27199 NOMISEC HIGH WORKING POC
Magic Home Pro 1.5.1 - Auth Bypass
The Magic Home Pro application 1.5.1 for Android allows authentication bypass. The only security control the application has in place is a simple username-and-password login. Using enumeration, an attacker is able to forge a user-specific token without knowing the correct password and thereby gain access to the mobile application as that victim user.
6 stars
CVSS 7.5
CVE-2022-43704 NOMISEC MEDIUM WORKING POC
Sinilink XY-WFT1 WiFi Remote Thermostat 1.3.6 - Auth Bypass
The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink (aka SINILINK521) protocol commands (udp/1024) directly against the target device. This in turn allows an attacker to control the onboard relay without authenticating through the mobile application, which may result in an unacceptable temperature in the device's physical environment.
5 stars
CVSS 5.9
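Both CVE-2022-29593 (HTTP POST replay against relay_cgi.cgi) and CVE-2022-43704 (udp/1024 command replay) come down to the same defect: the device acts on any well-formed command, so a captured message can be resent. The following is an added example, not code from either advisory or either vendor, showing the minimum a command channel needs to defeat replay: a MAC that covers the command, a timestamp with a freshness window, and a nonce cache. The key, header names, path and window length are assumptions chosen for the illustration; for a UDP protocol the same three fields would be appended to the datagram instead of sent as headers.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Hypothetical shared key for the illustration; a real device would provision one per unit.
DEVICE_KEY = b"illustrative-key-not-from-either-advisory"
MAX_SKEW_SECONDS = 30


def _canonical(method: str, path: str, body: bytes, ts: int, nonce: str) -> bytes:
    """Bytes covered by the MAC: every field whose change should invalidate the request.
    For a UDP command protocol, method/path would simply be the datagram's opcode."""
    return b"\n".join([method.encode(), path.encode(), body, str(ts).encode(), nonce.encode()])


def sign_request(method: str, path: str, body: bytes, key: bytes = DEVICE_KEY,
                 ts: Optional[int] = None, nonce: Optional[str] = None) -> dict:
    """Client side: attach a timestamp, a fresh nonce and an HMAC-SHA256 over the canonical bytes."""
    ts = int(time.time()) if ts is None else ts
    nonce = secrets.token_hex(16) if nonce is None else nonce
    mac = hmac.new(key, _canonical(method, path, body, ts, nonce), hashlib.sha256).hexdigest()
    return {"method": method, "path": path, "body": body,
            "headers": {"X-Timestamp": str(ts), "X-Nonce": nonce, "X-Signature": mac}}


def vulnerable_accept(request: dict) -> bool:
    """The behaviour the two advisories describe: any well-formed command is acted on,
    whether or not it carries a valid signature, so captured traffic can be resent verbatim."""
    return request["method"] == "POST" and request["path"] == "/relay_cgi.cgi"


class ReplaySafeVerifier:
    """Server side: constant-time MAC check, freshness window, and a nonce cache."""

    def __init__(self, key: bytes = DEVICE_KEY, max_skew: int = MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp carried by the request that was accepted

    def _evict(self, now: int) -> None:
        # A nonce older than the window cannot be replayed successfully anyway (its
        # timestamp would fail the freshness check), so the cache stays bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_skew}

    def accept(self, request: dict, now: Optional[int] = None) -> bool:
        now = int(time.time()) if now is None else now
        h = request["headers"]
        try:
            ts, nonce, sig = int(h["X-Timestamp"]), h["X-Nonce"], h["X-Signature"]
        except (KeyError, ValueError):
            return False  # unsigned or malformed: reject, never fall back to "trusted"
        if abs(now - ts) > self.max_skew:
            return False  # stale (or from the future)
        expected = hmac.new(self.key, _canonical(request["method"], request["path"],
                                                request["body"], ts, nonce), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return False  # body, path or timestamp altered, or wrong key
        self._evict(now)
        if nonce in self.seen:
            return False  # byte-for-byte replay of a request already acted on
        self.seen[nonce] = ts
        return True


def demo() -> dict:
    """Constructed exchange: one legitimate relay command, then the same bytes replayed."""
    now = 1_700_000_000
    verifier = ReplaySafeVerifier()
    body = b"relay=1&state=on"  # constructed payload, not the device's real parameter names
    signed = sign_request("POST", "/relay_cgi.cgi", body, ts=now, nonce="0" * 32)
    unsigned = {"method": "POST", "path": "/relay_cgi.cgi", "body": body, "headers": {}}
    return {
        "unsigned_vulnerable": vulnerable_accept(unsigned),        # True: the flaw as described
        "unsigned_hardened": verifier.accept(unsigned, now=now),   # False
        "first_use_hardened": verifier.accept(signed, now=now),    # True
        "replay_hardened": verifier.accept(signed, now=now + 5),   # False: nonce already seen
        "replay_vulnerable": vulnerable_accept(signed),            # True
        "stale_hardened": ReplaySafeVerifier().accept(signed, now=now + 3600),  # False
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22s} -> {'accepted' if ok else 'rejected'}")
```

The order of checks matters: the freshness window is tested before the MAC so stale traffic is cheap to drop, the MAC is tested before the nonce cache so an unauthenticated sender cannot fill the cache, and the nonce is recorded only after everything else passes. A signature alone (as the Dingtian description implies the device nominally supports) is not enough; without the timestamp and nonce a valid signed request stays valid forever.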
CVE-2021-45901 NOMISEC MEDIUM WORKING POC
ServiceNow Orlando - Info Disclosure
The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.
1 star
CVSS 5.3
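The ServiceNow Orlando finding (CVE-2021-45901) is the classic username-enumeration oracle: the password-reset form answers differently for existing and non-existing accounts. The following is an added example, not ServiceNow's code or the advisory's, that shows the vulnerable response pattern beside a uniform one and the check a tester runs to detect it. The account store, messages and probe names are constructed for the illustration.

```python
from typing import Callable, Dict, Tuple

# Constructed account store for the illustration; not ServiceNow's data model.
USERS = {"alice": "alice@example.test", "bob": "bob@example.test"}

Response = Tuple[int, Dict[str, str]]


def vulnerable_reset(username: str) -> Response:
    """The pattern the advisory describes: the reply differs depending on whether
    the username exists, so the reset form doubles as a username oracle."""
    if username not in USERS:
        return 404, {"message": "User not found"}
    return 200, {"message": "Password reset email sent"}


def hardened_reset(username: str,
                   send_mail: Callable[[str], None] = lambda addr: None) -> Response:
    """Identical status and body for known and unknown usernames. The only
    difference is a side effect (the email) that the requester cannot observe."""
    email = USERS.get(username)
    if email is not None:
        # In production, enqueue the mail rather than send it inline so that
        # response time does not become the oracle instead of the message body.
        send_mail(email)
    return 200, {"message": "If an account exists for that username, "
                            "reset instructions have been sent."}


def enumeration_oracle(handler: Callable[[str], Response], probes,
                       baseline_user: str = "zz-no-such-user-7f3a") -> Dict[str, bool]:
    """Pentest check: take the reply for a username that cannot exist as the baseline
    and flag every probe whose status or body differs from it. A True entry means
    the handler just confirmed that the account exists."""
    baseline = handler(baseline_user)
    return {u: handler(u) != baseline for u in probes}


if __name__ == "__main__":
    probes = ["alice", "bob", "carol"]
    print("vulnerable:", enumeration_oracle(vulnerable_reset, probes))
    print("hardened:  ", enumeration_oracle(hardened_reset, probes))
```

Comparing against a guaranteed-invalid baseline rather than against a known account is what lets the check classify each probe; a real test should also diff headers and response times, since those leak as readily as the body. The uniform message has to be applied consistently: a reset form that is fixed while login or registration errors still distinguish "wrong password" from "unknown user" gains nothing.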