EmadYaY

2 exploits Active since Sep 2022

CVE-2023-3460 NOMISEC CRITICAL WRITEUP

Ultimate Member <2.6.7 - Privilege Escalation

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.

CVSS 9.8

View Code

CVE-2022-36779 NOMISEC MEDIUM WORKING POC

Proscend M330-w Firmware < 1.11 - OS Command Injection

PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301

CVSS 6.5

View Code