Alex Hernandez aka (@_alt3kx_)

14 exploits
Active since Nov 2001
CVE-2023-24055 NOMISEC MEDIUM WORKING POC
KeePass <2.53 - Info Disclosure
KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. NOTE: the vendor's position is that the password database is not intended to be secure against an attacker who has that level of access to the local PC.
255 stars
CVSS 5.5
CVE-2021-26084 NOMISEC CRITICAL WRITEUP
Atlassian Confluence Server and Data Center - OGNL Injection
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
54 stars
CVSS 9.8
CVE-2018-12463 NOMISEC CRITICAL WRITEUP
Fortify SSC <18.1 - SSRF
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), versions 17.1, 17.2, and 18.1, allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
5 stars
CVSS 9.8
CVE-2019-10685 NOMISEC MEDIUM WRITEUP
Heidelberg Prinect Archiver - XSS
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Heidelberg Prinect Archiver v2013 release 1.0.
2 stars
CVSS 6.1
CVE-2018-7690 NOMISEC MEDIUM WRITEUP
Micro Focus Fortify SSC <18.10 - RCE
A potential Remote Unauthorized Access vulnerability exists in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, and 18.10. Exploitation could allow Remote Unauthorized Access.
1 star
CVSS 6.5
CVE-2018-7691 NOMISEC MEDIUM WRITEUP
Micro Focus Fortify SSC <18.10 - RCE
A potential Remote Unauthorized Access vulnerability exists in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, and 18.10. Exploitation could allow Remote Unauthorized Access.
1 star
CVSS 6.5
CVE-2018-10732 NOMISEC MEDIUM WRITEUP
Dataiku Data Science Studio < 4.2.3 - Information Disclosure
The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.
CVSS 5.3
CVE-2018-12596 NOMISEC CRITICAL WRITEUP
Episerver Ektron Cms - Improper Privilege Management
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins).
CVSS 9.8
CVE-2002-0448 NOMISEC STUB
Xerver < 2.10 - Denial of Service
Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many "C:/" sequences.
CVE-2002-0288 NOMISEC STUB
Bbshareware.com Phusion Webserver - Path Traversal
Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrary files via a ... (triple dot dot) in the HTTP request.
CVE-2004-2549 NOMISEC STUB
Nortel WLAN AP - DoS
Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow.
CVE-2008-6827 NOMISEC HIGH STUB
Symantec Altiris Deployment Solution - Missing Authentication
The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.
CVSS 7.8
CVE-2001-0932 NOMISEC STUB
Cooolsoft Powerftp - Buffer Overflow
Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long command.
CVE-2002-0289 NOMISEC STUB
Bbshareware.com Phusion Webserver - Buffer Overflow
Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.