Dmitry Kuramin

6 exploits Active since Oct 2020
CVE-2021-27188 NOMISEC HIGH WRITEUP
Xn--b1agzlht FX Aggregator Terminal Client - Brute Force
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account.
1 stars
CVSS 7.5
CVE-2020-27747 NOMISEC MEDIUM WRITEUP
Clickstudios Passwordstate - Brute Force
An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973). If a user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As a result, the remote attacker retrieves all passwords from other systems that are available to the affected account.
1 stars
CVSS 6.8
CVE-2020-29666 NOMISEC MEDIUM WRITEUP
Lan ATMService M3 ATM Monitoring System 6.1.0 - Info Disclosure
In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.
1 stars
CVSS 5.3
CVE-2020-29667 NOMISEC CRITICAL WRITEUP
Lan ATMService M3 ATM Monitoring System 6.1.0 - Info Disclosure
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.
1 stars
CVSS 9.8
CVE-2023-45966 NOMISEC HIGH WRITEUP
umputun remark42 <1.12.1 - SSRF
umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.
CVSS 7.5
CVE-2022-24449 NOMISEC CRITICAL WRITEUP
Solar appScreener <3.10.4 - XSS
Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document.
CVSS 9.8