Drew Alleman

5 exploits Active since Nov 2018
CVE-2019-7214 NOMISEC CRITICAL WORKING POC
SmarterTools SmarterMail less than build 6985 - .NET Deserialization Remote Code Execution
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
3 stars
CVSS 9.8
CVE-2020-11651 NOMISEC CRITICAL WORKING POC
SaltStack Salt <2019.2.4,3000.2 - RCE
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
1 stars
CVSS 9.8
CVE-2019-12185 NOMISEC HIGH WORKING POC
eLabFTW 1.8.5 - Command Injection
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
CVSS 8.8
CVE-2018-19422 NOMISEC HIGH WORKING POC
Subrion CMS 4.2.1 - RCE
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
CVSS 7.2
CVE-2020-11652 VULNCHECK_XDB MEDIUM WORKING POC
Salt < 2019.2.4 - Path Traversal
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
CVSS 6.5