DaniTheHack3r

2 exploits Active since Jul 2023

CVE-2024-42009 NOMISEC CRITICAL WORKING POC

Roundcube Webmail < 1.5.8 - XSS

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.

7 stars

CVSS 9.3

View Code

CVE-2023-38646 NOMISEC CRITICAL WORKING POC

Metabase <0.46.6.1-1.46.6.1 - RCE

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.

CVSS 9.8

View Code