HaHwul

30 exploits Active since May 2007
CVE-2016-0800 NOMISEC MEDIUM SCANNER
OpenSSL <1.0.1s, 1.0.2 before 1.0.2g - RCE
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
5 stars
CVSS 5.9
CVE-2012-4929 NOMISEC SCANNER
Debian Linux - Information Disclosure via TLS Compression Length Oracle
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
5 stars
CVE-2015-0204 NOMISEC SCANNER
OpenSSL < 0.9.8zd, 1.0.0 < 1.0.0p, 1.0.1 < 1.0.1k - RSA-to-EXPORT_RSA Downgrade Attack via Weak Ephemeral RSA Key
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.
5 stars
CVE-2014-0160 NOMISEC HIGH SCANNER
OpenSSL 1.0.1-1.0.1f - Out-of-bounds Read via Heartbeat Extension
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
5 stars
CVSS 7.5
CVE-2007-1858 NOMISEC SCANNER
Apache Tomcat <4.1.31, <5.0.30, <5.5.17 - Info Disclosure
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
5 stars
CVE-2017-9805 NOMISEC HIGH WORKING POC
Apache Struts 2 REST Plugin XStream RCE
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
3 stars
CVSS 8.1
CVE-2025-46001 WRITEUP CRITICAL WRITEUP
simogeo Filemanager 2.3.0 - Arbitrary File Upload via is_allowed_file_type() Function
An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS 9.8
CVE-2025-46001 EXPLOITDB CRITICAL text WORKING POC
simogeo Filemanager 2.3.0 - Arbitrary File Upload via is_allowed_file_type() Function
An arbitrary file upload vulnerability in the is_allowed_file_type() function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS 9.8
EIP-2026-114492 EXPLOITDB html WORKING POC
XuezhuLi FileSharing - Cross-Site Request Forgery (Add User)
EIP-2026-114527 EXPLOITDB text WORKING POC
YesWiki 0.2 - 'template' Directory Traversal
EIP-2026-114526 EXPLOITDB ruby WORKING POC
YesWiki 0.2 - 'squelette' Directory Traversal
EIP-2026-114493 EXPLOITDB text WORKING POC
XuezhuLi FileSharing - Directory Traversal
EIP-2026-113170 EXPLOITDB text WORKING POC
w2wiki - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-112891 EXPLOITDB html WORKING POC
Ultrabenosaurus ChatBoard - Cross-Site Request Forgery (Send Message)
EIP-2026-112892 EXPLOITDB text WORKING POC
Ultrabenosaurus ChatBoard - Persistent Cross-Site Scripting
EIP-2026-112152 EXPLOITDB text WORKING POC
SimplePHPQuiz - Blind SQL Injection
EIP-2026-109488 EXPLOITDB html WORKING POC
miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (SQL Execution)
EIP-2026-109406 EXPLOITDB text WORKING POC
memcache-viewer - Cross-Site Scripting
EIP-2026-108067 EXPLOITDB text WORKING POC
jbFileManager - Directory Traversal
EIP-2026-107457 EXPLOITDB text WRITEUP
Gongwalker API Manager 1.1 - Blind SQL Injection
EIP-2026-107458 EXPLOITDB html WORKING POC
Gongwalker API Manager 1.1 - Cross-Site Request Forgery
EIP-2026-107102 EXPLOITDB text WORKING POC
FinderView - Multiple Vulnerabilities
EIP-2026-106563 EXPLOITDB text WORKING POC
Drale DBTableViewer 100123 - Blind SQL Injection
EIP-2026-105817 EXPLOITDB text WORKING POC
chatNow - Multiple Vulnerabilities
EIP-2026-105388 EXPLOITDB text WORKING POC
BanManager WebUI 1.5.8 - PHP Code Injection