Dawid Czarnecki

6 exploits Active since Feb 2020
CVE-2020-9405 WRITEUP MEDIUM WRITEUP
IBL Online Weather < 4.3.5 - Unauthenticated Reflected Cross-Site Scripting via Redirect Page
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.
CVSS 6.1
CVE-2020-9406 WRITEUP CRITICAL WRITEUP
IBL Online Weather < 4.3.5 - Unauthenticated Code Injection via queryBCP Method
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
CVSS 9.8
CVE-2020-9407 WRITEUP MEDIUM WRITEUP
IBL Online Weather < 4.3.5 - Sensitive Information Exposure via IWEBSERVICE_JSONRPC_COOKIE
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
CVSS 5.3
CVE-2021-42369 WRITEUP CRITICAL WRITEUP
Imagicle Application Suite for Cisco UC < 2021.summer.2 - Authenticated SQL Injection via Contact Manager CSV Export
Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI.
CVSS 9.9
CVE-2021-45096 WRITEUP MEDIUM WRITEUP
KNIME Analytics Platform < 4.5.0 - XML External Entity Injection via Crafted Workflow File
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.
CVSS 4.7
CVE-2021-45097 WRITEUP LOW WRITEUP
KNIME Server < 4.12.6 and 4.13.x < 4.13.4 - Insufficiently Protected Credentials via Unattended Mode Installation
KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content.
CVSS 2.9