Dmitry Kuramin

6 exploits Active since Oct 2020
CVE-2021-27188 NOMISEC HIGH WRITEUP
Sovremennye Delovye Tekhnologii FX Aggregator Terminal Client 1 - DoS via Excessive Authentication Attempts
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account.
1 stars
CVSS 7.5
CVE-2020-27747 NOMISEC MEDIUM WRITEUP
Click Studios Passwordstate 8.9 Build 8973 - Unauthenticated Brute Force Attack via Mobile PIN Code
An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973). If a user of the system has assigned himself a PIN code for logging in from a mobile device using the built-in generator (4 digits), a remote attacker can conduct a brute-force attack on this PIN code. As a result, the remote attacker retrieves all passwords for other systems that are available to the affected account.
1 stars
CVSS 6.8
CVE-2020-29666 NOMISEC MEDIUM WRITEUP
Lan ATMService M3 ATM Monitoring System 6.1.0 - Info Disclosure
In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.
1 stars
CVSS 5.3
CVE-2020-29667 NOMISEC CRITICAL WRITEUP
Lan ATMService M3 ATM Monitoring System 6.1.0 - Info Disclosure
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.
1 stars
CVSS 9.8
CVE-2023-45966 NOMISEC HIGH WRITEUP
remark42 < 1.12.1 - Server-Side Request Forgery via Newsletter Import URL Parameter
umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.
CVSS 7.5
CVE-2022-24449 NOMISEC CRITICAL WRITEUP
Solar appScreener <= 3.10.4 - XML External Entity Injection and Server-Side Request Forgery via Crafted XML Document
Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document.
CVSS 9.8