Gabriel H. @weekndr_sec

3 exploits | Active since Jan 2017
CVE-2025-5777 NOMISEC HIGH WORKING POC
Citrix NetScaler ADC/Gateway 12.1-12.1-55.328, 13.1-13.1-37.235, 13.1-13.1-58.32 - Out-of-bounds Read
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
3 stars
CVSS 7.5
CVE-2018-7422 NOMISEC HIGH WORKING POC
Site Editor < 1.1.1 - Local File Inclusion via ajax_path Parameter
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal.
1 star
CVSS 7.5
CVE-2017-5487 NOMISEC MEDIUM WORKING POC
WordPress < 4.7.1 - Unauthorized User Information Exposure via REST API
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
CVSS 5.3