FaLLenSKiLL1

4 exploits Active since Feb 2024
CVE-2024-33113 NOMISEC MEDIUM WORKING POC
D-LINK DIR-845L <=1.01KRb03 - Information Disclosure via bsc_sms_inbox.php
D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_sms_inbox.php.
3 stars
CVSS 5.3
CVE-2024-6678 GITHUB CRITICAL python WORKING POC
GitLab CE/EE <17.1.7-17.3.2 - Privilege Escalation
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances.
1 stars
CVSS 9.9
CVE-2024-33111 NOMISEC MEDIUM WORKING POC
D-Link DIR-845L Firmware <= 1.01KRb03 - Cross-Site Scripting via bsc_sms_inbox.php
D-Link DIR-845L router <=v1.01KRb03 is vulnerable to Cross Site Scripting (XSS) via /htdocs/webinc/js/bsc_sms_inbox.php.
CVSS 5.4
CVE-2024-22853 NOMISEC CRITICAL WRITEUP
D-LINK Go-RT-AC750 - Code Injection
D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.
CVSS 9.8