Alex Hernandez

40 exploits Active since Apr 2001
CVE-2021-21985 NOMISEC CRITICAL WORKING POC
VMware vCenter Server - Remote Code Execution via Virtual SAN Health Check Plugin
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
215 stars
CVSS 9.8
CVE-2022-1388 NOMISEC CRITICAL WORKING POC
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
87 stars
CVSS 9.8
CVE-2021-21972 NOMISEC CRITICAL SCANNER
VMware vCenter Server and Cloud Foundation - Remote Code Execution via vSphere Client Plugin
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
54 stars
CVSS 9.8
CVE-2022-22965 NOMISEC CRITICAL WORKING POC
Spring Framework - Remote Code Execution via Data Binding
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
17 stars
CVSS 9.8
CVE-2021-21972 GITLAB CRITICAL SCANNER
VMware vCenter Server and Cloud Foundation - Remote Code Execution via vSphere Client Plugin
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
CVSS 9.8
CVE-2021-21985 GITLAB CRITICAL WORKING POC
VMware vCenter Server - Remote Code Execution via Virtual SAN Health Check Plugin
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
CVSS 9.8
CVE-2001-0934 NOMISEC WRITEUP
Cooolsoft PowerFTP Server 2.03 - Info Disclosure
Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path of the server root via the pwd command, which lists the full pathname.
CVE-2001-0758 NOMISEC WRITEUP
Shambala 4.5 - Directory Traversal via CWD Command
Directory traversal vulnerability in Shambala 4.5 allows remote attackers to escape the FTP root directory via "CWD ..." command.
CVE-2001-0931 NOMISEC WRITEUP
Cooolsoft PowerFTP Server 2.03 - Directory Traversal via LS or GET Command
Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET.
CVE-2001-0933 NOMISEC WRITEUP
Cooolsoft PowerFTP Server 2.03 - Info Disclosure
Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives via a ls (LIST) command that includes the drive letter as an argument, e.g. "ls C:".
CVE-2001-1442 NOMISEC WORKING POC
ISC InterNetNews <2.3.0 - Privilege Escalation
Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.
CVE-2002-0200 NOMISEC WRITEUP
Cyberstop Web Server 0.1 - Denial of Service via MS-DOS Device Name Request
Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.
CVE-2002-0201 NOMISEC WORKING POC
Cyberstop Web Server 0.1 - Denial of Service via Long HTTP GET Request
Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow.
CVE-2002-0346 NOMISEC WRITEUP
Cobalt RAQ 4 - Cross-Site Scripting via service.cgi or alert.cgi
Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi.
CVE-2002-0347 NOMISEC WRITEUP
Cobalt RAQ 4 - Directory Traversal via Dot-Dot in HTTP Request
Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request.
CVE-2002-0348 NOMISEC WORKING POC
Cobalt RAQ 4 - Denial of Service and Possible Remote Code Execution via Long Service Argument
service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service argument.
CVE-2002-0740 NOMISEC WORKING POC
slrn - Local Privilege Escalation via Long -d Argument
Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument.
CVE-2002-0991 NOMISEC WORKING POC
HP CIFS/9000 Client <= A.01.06 - Local Buffer Overflow via Long Command Parameters
Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allows local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4) -S, (5) -N, or (6) -u parameters.
CVE-2007-3830 NOMISEC WRITEUP
ISS Proventia Network IPS GX5008 and GX5108 - Cross-Site Scripting via Alert Reminder Parameter
Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter.
CVE-2007-3831 NOMISEC WRITEUP
IBM Proventia Network IPS GX5008 1.5 and GX5108 1.3 - Remote File Inclusion via main.php page Parameter
PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2007-5036 NOMISEC WRITEUP
AirDefense Airsensor M520 4.3.1.1 and 4.4.1.4 - Authenticated Denial of Service via Crafted HTTPS Query String
Multiple buffer overflows in the AirDefense Airsensor M520 with firmware 4.3.1.1 and 4.4.1.4 allow remote authenticated users to cause a denial of service (HTTPS service outage) via a crafted query string in an HTTPS request to (1) adLog.cgi, (2) post.cgi, or (3) ad.cgi, related to the "files filter."
CVE-2007-6638 NOMISEC WRITEUP
March Networks DVR 3204 - Info Disclosure
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
CVE-2009-4118 NOMISEC WRITEUP
Cisco VPN client for Windows <5.0.06.0100 - DoS
The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not properly handle an ERROR_FAILED_SERVICE_CONTROLLER_CONNECT error, which allows local users to cause a denial of service (service crash and VPN connection loss) via a manual start of cvpnd.exe while the cvpnd service is running.
CVE-2001-0680 NOMISEC WRITEUP
QPC QVT/Net 4.0 and AVT/Term 5.0 - Directory Traversal via LIST Command
Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command.
CVE-2002-0289 EXPLOITDB c WORKING POC
Phusion Web Server 1.0 - Buffer Overflow via Long HTTP Request
Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.