Alex Hernandez (aka @_alt3kx_)

14 exploits. Active since Nov 2001.
CVE-2023-24055 NOMISEC MEDIUM WORKING POC
KeePass < 2.53 - Cleartext Password Exposure via Export Trigger
KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.
255 stars
CVSS 5.5
CVE-2021-26084 NOMISEC CRITICAL WRITEUP
Atlassian Confluence Server and Data Center - OGNL Injection
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
54 stars
CVSS 9.8
CVE-2018-12463 NOMISEC CRITICAL WRITEUP
HP Fortify Software Security Center 17.1, 17.2, 18.1 - Unauthenticated XML External Entity Injection via Crafted DTD
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), versions 17.1, 17.2, 18.1, allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
5 stars
CVSS 9.8
CVE-2019-10685 NOMISEC MEDIUM WRITEUP
Heidelberg Prinect Archiver v2013 release 1.0 - Reflected Cross-Site Scripting
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Heidelberg Prinect Archiver v2013 release 1.0.
2 stars
CVSS 6.1
CVE-2018-7690 NOMISEC MEDIUM WRITEUP
Micro Focus Fortify SSC <18.10 - RCE
A potential remote unauthorized access vulnerability in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10. Exploitation could allow remote unauthorized access.
1 star
CVSS 6.5
CVE-2018-7691 NOMISEC MEDIUM WRITEUP
Micro Focus Fortify SSC <18.10 - RCE
A potential remote unauthorized access vulnerability in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, 18.10. Exploitation could allow remote unauthorized access.
1 star
CVSS 6.5
CVE-2018-10732 NOMISEC MEDIUM WRITEUP
Dataiku Data Science Studio < 4.2.3 - Unauthenticated Sensitive Information Exposure via Profile Picture Visibility
The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.
CVSS 5.3
CVE-2018-12596 NOMISEC CRITICAL WRITEUP
Episerver Ektron CMS < 9.0 SP3 CU 31 / 9.1 < SP3 CU 45 / 9.2 < SP2 CU 22 - Unauthenticated Privilege Escalation
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins).
CVSS 9.8
CVE-2002-0448 NOMISEC STUB
Xerver < 2.10 - Denial of Service via HTTP Request with Repeated C:/ Sequences
Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences.
CVE-2002-0288 NOMISEC STUB
Phusion Web Server 1.0 - Directory Traversal via Triple Dot Sequence
Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrary files via a ... (triple dot dot) in the HTTP request.
CVE-2004-2549 NOMISEC STUB
Nortel WLAN Access Point 2220, 2221, 2225 - Denial of Service via TCP Request with Large String and Newlines
Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow.
CVE-2008-6827 NOMISEC HIGH STUB
Symantec Altiris Deployment Solution 6.0-6.9.355 - Local Privilege Escalation via Shatter Attack on AClient.exe
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
CVSS 7.8
CVE-2001-0932 NOMISEC STUB
Cooolsoft PowerFTP Server 2.03 - Buffer Overflow via Long Command
Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long command.
CVE-2002-0289 NOMISEC STUB
Phusion Web Server 1.0 - Buffer Overflow via Long HTTP Request
Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.