Ant1sec-ops

5 exploits Active since Oct 2024
CVE-2024-27766 NOMISEC MEDIUM WORKING POC
MariaDB <11.1 - RCE
An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
3 stars
CVSS 5.7
CVE-2023-26785 NOMISEC CRITICAL WORKING POC
MariaDB <10.5 - RCE
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
3 stars
CVSS 9.8
CVE-2023-39593 NOMISEC MEDIUM WORKING POC
Mariadb - Code Injection
Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
2 stars
CVSS 5.6
CVE-2024-30875 NOMISEC HIGH WRITEUP
jquery-ui <1.13.1 - XSS
Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, and because the exploitation example does not indicate whether, or how, the example website is using jQuery UI.
1 stars
CVSS 7.1
CVE-2024-33453 NOMISEC HIGH WRITEUP
Espressif Esp-idf - Buffer Overflow
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component.
1 stars
CVSS 8.1