Aleksey Vistorobskiy - Security Researcher - Exploit Intelligence Platform

CVE-2023-47460 NOMISEC HIGH WRITEUP

Knovos Discovery 22.67.0 - SQL Injection via Admin.svc/getGridColumnStructure

SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component.

1 stars

CVSS 8.8

View Code

CVE-2024-40324 NOMISEC MEDIUM WRITEUP

E-Staff <5.1 - HTTP Response Splitting

A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation.

CVSS 5.4

View Code

CVE-2023-47459 NOMISEC MEDIUM WRITEUP

Knovos Discovery <22.67.0 - Info Disclosure

An issue in Knovos Discovery v.22.67.0 allows a remote attacker to obtain sensitive information via the /DiscoveryReview/Service/CaseManagement.svc/GetProductSiteName component.

CVSS 6.5

View Code