IvanGlinkin

2 exploits Active since Jul 2006

CVE-2006-3392 NOMISEC WORKING POC

Webmin <1.290 - Info Disclosure

Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.

14 stars

View Code

CVE-2024-36821 NOMISEC MEDIUM WORKING POC

Linksys Velop WiFi 5 - Privilege Escalation

Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root.

3 stars

CVSS 6.8

View Code