Alex Seymour

5 exploits Active since Mar 2020
CVE-2021-25281 NOMISEC CRITICAL WORKING POC
SaltStack Salt < 3002.5 - Unauthenticated Remote Command Execution via wheel_async Client
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
27 stars
CVSS 9.8
CVE-2020-10560 NOMISEC MEDIUM WORKING POC
Open Source Social Network < 5.3 - Arbitrary File Read via Weak PRNG in SiteKey
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.
3 stars
CVSS 5.9
CVE-2021-38647 NOMISEC CRITICAL WORKING POC
Microsoft OMI Management Interface Authentication Bypass
Open Management Infrastructure Remote Code Execution Vulnerability
2 stars
CVSS 9.8
CVE-2020-10560 INTHEWILD MEDIUM WORKING POC
Open Source Social Network < 5.3 - Arbitrary File Read via Weak PRNG in SiteKey
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.
CVSS 5.9
CVE-2021-25281 METASPLOIT CRITICAL ruby WORKING POC
SaltStack Salt < 3002.5 - Unauthenticated Remote Command Execution via wheel_async Client
An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheel_async client. Thus, an attacker can remotely run any wheel modules on the master.
CVSS 9.8