Emir Polat - Security Researcher - Exploit Intelligence Platform

CVE-2022-31188 NOMISEC HIGH WORKING POC

CVAT < 2.0.0 - Server-Side Request Forgery

CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.

5 stars

CVSS 8.6

View Code

CVE-2022-36446 NOMISEC CRITICAL WORKING POC

Webmin < 1.997 - Remote Code Execution via Unescaped UI Command

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.

2 stars

CVSS 9.8

View Code

CVE-2023-22515 METASPLOIT CRITICAL ruby WORKING POC

Atlassian Confluence Unauthenticated Remote Code Execution

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

CVSS 9.8

View Code

CVE-2023-27253 METASPLOIT HIGH ruby WORKING POC

Netgate pfSense <2.7.0 - Command Injection

A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.

CVSS 8.8

View Code

CVE-2022-36446 METASPLOIT CRITICAL ruby WORKING POC

Webmin < 1.997 - Remote Code Execution via Unescaped UI Command

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.

CVSS 9.8

View Code

CVE-2022-31188 EXPLOITDB HIGH text WORKING POC

CVAT < 2.0.0 - Server-Side Request Forgery

CVAT is an opensource interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to urls used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue.

CVSS 8.6

View Code

CVE-2023-27253 EXPLOITDB HIGH ruby WORKING POC

Netgate pfSense <2.7.0 - Command Injection

A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.

CVSS 8.8

View Code

EIP-2026-104420 EXPLOITDB text WORKING POC

Schlix CMS 2.2.6-6 - Arbitary File Upload (Authenticated)

View Code

EIP-2026-104175 EXPLOITDB ruby WORKING POC

Atlassian Confluence Data Center and Server - Authentication Bypass (Metasploit)

View Code

CVE-2022-36446 EXPLOITDB CRITICAL python WORKING POC

Webmin < 1.997 - Remote Code Execution via Unescaped UI Command

software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.

CVSS 9.8

View Code