Amar Kaldate

7 exploits, active since Jun 2020
CVE-2020-13158 NOMISEC HIGH WRITEUP
Artica Proxy <4.30.000000 - Path Traversal
Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter.
1 stars
CVSS 7.5
CVE-2020-10129 NOMISEC HIGH WRITEUP
Searchblox < 9.2.1 - Improper Privilege Management
SearchBlox before Version 9.2.1 is vulnerable to privilege escalation: a lower user is able to access Admin functionality.
CVSS 8.8
CVE-2020-10130 NOMISEC HIGH WRITEUP
Searchblox < 9.1 - IDOR
SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system.
CVSS 8.8
CVE-2020-10128 NOMISEC MEDIUM WRITEUP
Searchblox < 9.2.1 - XSS
SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validated properly, which allows an attacker to inject malicious JavaScript.
CVSS 5.4
CVE-2020-10132 NOMISEC MEDIUM WRITEUP
Searchblox < 9.1 - XSS
SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration.
CVSS 6.1
CVE-2020-13159 NOMISEC CRITICAL WRITEUP
Artica Proxy <4.30.000000 - Command Injection
Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818.
CVSS 9.8
CVE-2020-10131 NOMISEC CRITICAL WRITEUP
SearchBlox <9.2.1 - Code Injection
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.
CVSS 9.8