D3N14LD15K

2 exploits Active since Aug 2024

CVE-2024-11680 NOMISEC CRITICAL WORKING POC

ProjectSend <r1720 - Auth Bypass

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.

12 stars

CVSS 9.8

View Code

CVE-2024-7593 NOMISEC CRITICAL WORKING POC

Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)

Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.

9 stars

CVSS 9.8

View Code