DarkFunct

67 exploits Active since Mar 2017
CVE-2022-1162 GITHUB CRITICAL c
GitLab 14.7-14.7.6, 14.8-14.8.4, 14.9-14.9.1 - Authentication Bypass via Hardcoded OmniAuth Password
A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowing attackers to potentially take over accounts
34 stars
CVSS 9.1
CVE-2022-21849 GITHUB CRITICAL c
Windows 10 and Windows 11 - Remote Code Execution in IKE Protocol Extensions
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
34 stars
CVSS 9.8
CVE-2022-2185 GITHUB CRITICAL c
GitLab <14.10.5-15.1.1 - Authenticated RCE
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution.
34 stars
CVSS 9.9
CVE-2022-22965 GITHUB CRITICAL c
Spring Framework - Remote Code Execution via Data Binding
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
34 stars
CVSS 9.8
CVE-2022-2445 GITHUB c
Rejected
Rejected reason: Incorrectly assigned CVE. Not a valid issue.
34 stars
CVE-2022-3361 GITHUB MEDIUM c
Ultimate Member <2.5.0 - Path Traversal
The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. This makes it possible for attackers with administrative privileges to supply arbitrary paths using traversal (../../) to access and include files outside of the intended directory. If an attacker can successfully upload a php file then remote code execution via inclusion may also be possible. Note: for users with less than administrative capabilities, /wp-admin access needs to be enabled for that user in order for this to be exploitable by those users.
34 stars
CVSS 4.3
CVE-2022-3383 GITHUB HIGH c
Ultimate Member <2.5.0 - Authenticated RCE
The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticated attackers, with administrative capabilities, to execute code on the server.
34 stars
CVSS 7.2
CVE-2022-34721 GITHUB CRITICAL c
Windows Internet Key Exchange (IKE) Protocol Extensions - Remote Code Execution
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability
34 stars
CVSS 9.8
CVE-2022-35513 GITHUB HIGH c
Blink1Control2 <= 2.2.7 - Weak Password Encryption
The Blink1Control2 application <= 2.2.7 uses weak password encryption and an insecure method of storage.
34 stars
CVSS 7.5
CVE-2022-35742 GITHUB HIGH c
Microsoft Outlook - Denial of Service
Microsoft Outlook Denial of Service Vulnerability
34 stars
CVSS 7.5
CVE-2023-21752 GITHUB HIGH c
Windows Backup Service - Privilege Escalation
Windows Backup Service Elevation of Privilege Vulnerability
34 stars
CVSS 7.1
CVE-2023-29343 GITHUB HIGH c
SysInternals Sysmon - Privilege Escalation
SysInternals Sysmon for Windows Elevation of Privilege Vulnerability
34 stars
CVSS 7.8
CVE-2023-36874 GITHUB HIGH c
Windows Error Reporting Service - Privilege Escalation
Windows Error Reporting Service Elevation of Privilege Vulnerability
34 stars
CVSS 7.8
CVE-2021-21975 GITHUB HIGH c
VMware vRealize Operations Manager < 8.4 - Server-Side Request Forgery via API
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
34 stars
CVSS 7.5
CVE-2021-22005 GITHUB CRITICAL c
VMware Cloud Foundation 3.0-4.0 and vCenter Server - Arbitrary File Upload via Analytics Service
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
34 stars
CVSS 9.8
CVE-2023-38831 GITHUB HIGH c
WinRAR CVE-2023-38831 Exploit
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through October 2023.
34 stars
CVSS 7.8
CVE-2021-21975 NOMISEC HIGH WORKING POC
VMware vRealize Operations Manager < 8.4 - Server-Side Request Forgery via API
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
CVSS 7.5