Dawid Czarnecki

6 exploits, active since Feb 2020
CVE-2020-9405 MEDIUM WRITEUP
Iblsoft Online Weather < 4.3.5 - XSS
IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.
CVSS 6.1
CVE-2020-9406 CRITICAL WRITEUP
Iblsoft Online Weather < 4.3.5 - Code Injection
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
CVSS 9.8
CVE-2020-9407 MEDIUM WRITEUP
Iblsoft Online Weather < 4.3.5 - Cleartext Storage
IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.
CVSS 5.3
CVE-2021-42369 CRITICAL WRITEUP
Zucchetti Imagicle UC Suite < 2021.summer.2 - SQL Injection
Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI.
CVSS 9.9
CVE-2021-45096 MEDIUM WRITEUP
Knime Analytics Platform < 4.5.0 - XXE
KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730.
CVSS 4.7
CVE-2021-45097 LOW WRITEUP
Knime Server < 4.12.5 - Insufficiently Protected Credentials
KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content.
CVSS 2.9