AC8999

6 exploits, active since Jan 2010
CVE-2009-3999 NOMISEC WORKING POC
HP Power Manager <4.2.10 - Buffer Overflow
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.
CVE-2026-29053 NOMISEC HIGH WORKING POC
Ghost 0.7.2-6.19.0 - Code Injection
Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in version 6.19.1.
CVSS 7.6
CVE-2018-9276 NOMISEC HIGH WORKING POC
PRTG Network Monitor < 18.2.39 - Authenticated OS Command Injection via Sensor or Notification Parameters
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
CVSS 7.2
CVE-2025-49113 NOMISEC CRITICAL WORKING POC
Roundcube Webmail < 1.5.10 and 1.6.x < 1.6.11 - Authenticated Remote Code Execution via PHP Object Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
CVSS 9.9
CVE-2025-24071 NOMISEC MEDIUM WORKING POC
Windows File Explorer - Exposure of Sensitive Information to an Unauthorized Actor
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
CVSS 6.5
CVE-2025-32463 NOMISEC CRITICAL WORKING POC
Sudo <1.9.17p1 - Privilege Escalation
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
CVSS 9.3