Barak Tawily

11 exploits Active since Jan 2014
CVE-2018-6389 NOMISEC HIGH WORKING POC
WordPress < 4.9.2 - Unauthenticated Denial of Service via Repeated JavaScript File Loading
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
81 stars
CVSS 7.5
CVE-2019-9580 NOMISEC MEDIUM WORKING POC
StackStorm Web UI <2.9.3, <2.10.3 - CSRF
In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS.
31 stars
CVSS 6.1
CVE-2018-6389 NOMISEC HIGH WORKING POC
WordPress < 4.9.2 - Unauthenticated Denial of Service via Repeated JavaScript File Loading
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
6 stars
CVSS 7.5
CVE-2018-6389 NOMISEC HIGH WORKING POC
WordPress < 4.9.2 - Unauthenticated Denial of Service via Repeated JavaScript File Loading
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
3 stars
CVSS 7.5
CVE-2018-6389 NOMISEC HIGH WORKING POC
WordPress < 4.9.2 - Unauthenticated Denial of Service via Repeated JavaScript File Loading
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
2 stars
CVSS 7.5
CVE-2018-6389 NOMISEC HIGH WRITEUP
WordPress < 4.9.2 - Unauthenticated Denial of Service via Repeated JavaScript File Loading
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
1 stars
CVSS 7.5
CVE-2018-6389 NOMISEC HIGH WORKING POC
WordPress < 4.9.2 - Unauthenticated Denial of Service via Repeated JavaScript File Loading
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
1 stars
CVSS 7.5
CVE-2017-14506 WRITEUP MEDIUM WRITEUP
geminabox < 0.13.6 - Cross-Site Scripting via Crafted Gem Homepage Value
geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.
CVSS 5.4
CVE-2017-14683 WRITEUP HIGH WRITEUP
geminabox < 0.13.7 - Cross-Site Request Forgery via Unintended Gem Upload
geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by an unintended gem upload.
CVSS 8.8
CVE-2014-1202 EXPLOITDB text WORKING POC
SoapUI < 4.6.4 - Remote Code Execution via WSDL Import
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
CVE-2018-6389 EXPLOITDB HIGH python WORKING POC
WordPress < 4.9.2 - Unauthenticated Denial of Service via Repeated JavaScript File Loading
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
CVSS 7.5