BrotherOfJhonny

3 exploits Active since Jun 2022
CVE-2024-48955 NOMISEC HIGH WRITEUP
NetAdmin 4.030319 - Info Disclosure
Broken access control in NetAdmin 4.030319 returns data with functionalities on the endpoint that "assembles" the functionalities menus, the return of this call is not encrypted and as the system does not validate the session authorization, an attacker can copy the content of the browser of a user with greater privileges having access to the functionalities of the user that the code was copied.
CVSS 8.1
CVE-2024-51026 NOMISEC MEDIUM WRITEUP
NetAdmin IAM 4.0.30319 - Cross-Site Scripting via BalloonSave.ashx Content Parameter
The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field.
CVSS 5.4
CVE-2022-32275 WRITEUP HIGH WRITEUP
Grafana 8.4.3 - Path Traversal via Snapshot URI
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. NOTE: the vendor's position is that there is no vulnerability; this request yields a benign error page, not /etc/passwd content
CVSS 7.5