Ant1sec-ops

5 exploits Active since Oct 2024
CVE-2024-27766 NOMISEC MEDIUM WORKING POC
MariaDB 11.1 - Remote Code Execution via lib_mysqludf_sys.so Function
An issue in MariaDB v.11.1 allows a remote attacker to execute arbitrary code via the lib_mysqludf_sys.so function. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
3 stars
CVSS 5.7
CVE-2023-26785 NOMISEC CRITICAL WORKING POC
MariaDB 10.5 - Remote Code Execution via UDF Shared Object File
MariaDB v10.5 was discovered to contain a remote code execution (RCE) vulnerability via UDF Code in a Shared Object File, followed by a "create function" statement. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
3 stars
CVSS 9.8
CVE-2023-39593 NOMISEC MEDIUM WORKING POC
MariaDB - Authenticated Command Injection via sys_exec Function
Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
2 stars
CVSS 5.6
CVE-2024-30875 NOMISEC HIGH WRITEUP
jquery-ui 1.13.1 - Cross-Site Scripting via window.addEventListener
Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, and because the exploitation example does not indicate whether, or how, the example website is using jQuery UI.
1 stars
CVSS 7.1
CVE-2024-33453 NOMISEC HIGH WRITEUP
esp-idf 5.1 - Buffer Overflow via ExternalId Component
Buffer Overflow vulnerability in esp-idf v.5.1 allows a remote attacker to obtain sensitive information via the externalId component.
1 stars
CVSS 8.1