Caner Tercan

3 exploits Active since Jan 2024
CVE-2023-50094 NOMISEC HIGH WORKING POC
reNgine < 2.0.2 - Authenticated OS Command Injection via WAF Detector URL Parameter
reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.
CVSS 8.8
CVE-2024-58287 EXPLOITDB HIGH text WORKING POC
reNgine 2.2.0 - Authenticated Remote Code Execution via Nmap Command Parameter Injection
reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmap_cmd parameter with malicious base64-encoded payloads to achieve remote code execution during scan engine configuration.
CVSS 8.8
CVE-2024-44000 EXPLOITDB CRITICAL python WORKING POC
LiteSpeed Cache < 6.5.0.1 - Unauthenticated Authentication Bypass via Insufficiently Protected Credentials
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.
CVSS 9.8