Cinnamon1212

2 exploits Active since Aug 2018

CVE-2018-15877 NOMISEC HIGH WORKING POC

Plainview Activity Monitor < 20180826 - OS Command Injection

The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.

1 stars

CVSS 8.8

View Code

CVE-2020-10915 NOMISEC CRITICAL WORKING POC

VEEAM One Agent 9.5.4.4587 - Deserialization

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10401.

CVSS 9.8

View Code