FlojBoj

6 exploits Active since Aug 2021
CVE-2022-0944 NOMISEC HIGH WORKING POC
sqlpad/sqlpad <6.10.1 - RCE
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.
5 stars
CVSS 7.2
CVE-2024-21626 NOMISEC HIGH WORKING POC
runc (docker) File Descriptor Leak Privilege Escalation
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
1 stars
CVSS 8.6
CVE-2024-32002 NOMISEC CRITICAL WORKING POC
Git <2.45.1-2.39.4 - Code Injection
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
CVSS 9.0
CVE-2023-42793 NOMISEC CRITICAL WORKING POC
Jetbrains Teamcity < 2023.05.4 - Missing Authentication
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
CVSS 9.8
CVE-2022-44268 NOMISEC MEDIUM WORKING POC
ImageMagick 7.1.0-49 - Info Disclosure
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).
CVSS 6.5
CVE-2021-31630 NOMISEC HIGH WORKING POC
Openplcproject Openplc V3 Firmware - Code Injection
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
CVSS 8.8