Haboob Team

13 exploits Active since Mar 2018
CVE-2019-10945 NOMISEC CRITICAL WORKING POC
Joomla! < 3.9.4 - Path Traversal
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
24 stars
CVSS 9.8
CVE-2023-32629 GITHUB HIGH python WORKING POC
Canonical Ubuntu Linux - Incorrect Authorization
Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels
1 stars
CVSS 7.8
CVE-2023-22809 GITHUB HIGH python WORKING POC
Sudoedit Extra Arguments Priv Esc
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
1 stars
CVSS 7.8
CVE-2019-10945 GITHUB CRITICAL python WORKING POC
Joomla! < 3.9.4 - Path Traversal
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
1 stars
CVSS 9.8
CVE-2018-8947 GITLAB HIGH WORKING POC
Laravel Log Viewer < 0.13.0 - Cleartext Storage
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.
CVSS 7.5
CVE-2019-10945 NOMISEC CRITICAL WORKING POC
Joomla! < 3.9.4 - Path Traversal
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
CVSS 9.8
CVE-2018-8947 NOMISEC HIGH WORKING POC
Laravel Log Viewer < 0.13.0 - Cleartext Storage
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.
CVSS 7.5
CVE-2020-35578 METASPLOIT HIGH ruby WORKING POC
Nagios XI < 5.8.0 - OS Command Injection
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands.
CVSS 7.2
CVE-2020-35578 EXPLOITDB HIGH python WORKING POC
Nagios XI < 5.8.0 - OS Command Injection
An issue was discovered in the Manage Plugins page in Nagios XI before 5.8.0. Because the line-ending conversion feature is mishandled during a plugin upload, a remote, authenticated admin user can execute operating-system commands.
CVSS 7.2
EIP-2026-109171 EXPLOITDB python WORKING POC
LiteCart 2.1.2 - Arbitrary File Upload
CVE-2018-8947 EXPLOITDB HIGH python WORKING POC
Laravel Log Viewer < 0.13.0 - Cleartext Storage
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote attackers to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.
CVSS 7.5
CVE-2019-10945 EXPLOITDB CRITICAL python WORKING POC
Joomla! < 3.9.4 - Path Traversal
An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.
CVSS 9.8
CVE-2018-14592 EXPLOITDB CRITICAL text WORKING POC
CWJoomla <2.0.7, <1.0.6 - SQL Injection
The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php.
CVSS 9.8