Cr4ckC4t

2 exploits Active since Mar 2019

CVE-2022-41352 NOMISEC CRITICAL WORKING POC

Zimbra Collaboration <9.0 - Privilege Escalation

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.

105 stars

CVSS 9.8

View Code

CVE-2019-7609 NOMISEC CRITICAL WORKING POC

Kibana Timelion Prototype Pollution RCE

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

4 stars

CVSS 10.0

View Code