James Horseman

18 exploits Active since May 2022
CVE-2022-1388 NOMISEC CRITICAL WORKING POC
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
231 stars
CVSS 9.8
CVE-2023-34051 NOMISEC CRITICAL WORKING POC
VMware Aria Operations for Logs - RCE
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
61 stars
CVSS 9.8
CVE-2024-9464 NOMISEC MEDIUM WORKING POC
Palo Alto Networks Expedition 1.2.0-1.2.95 - Authenticated OS Command Injection
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
45 stars
CVSS 6.5
CVE-2023-38035 NOMISEC CRITICAL WORKING POC
Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
40 stars
CVSS 9.8
CVE-2025-64155 NOMISEC CRITICAL WORKING POC
FortiSIEM 6.7.0-6.7.10, 7.0.0-7.0.4, 7.1.0-7.1.8, 7.3.0-7.3.4, 7.4.0 - OS Command Injection via TCP Requests
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.
30 stars
CVSS 9.8
CVE-2026-22200 NOMISEC HIGH WORKING POC
Enhancesoft osTicket 1.17.0-1.17.6 and 1.18.0-1.18.2 - Unauthenticated Arbitrary File Read via Ticket PDF Export
Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficiently sanitized before being processed by the mPDF PDF generator during export. When the attacker exports the ticket to PDF, the generated PDF can embed the contents of attacker-selected files from the server filesystem as bitmap images, allowing disclosure of sensitive local files in the context of the osTicket application user. This issue is exploitable in default configurations where guests may create tickets and access ticket status, or where self-registration is enabled.
8 stars
CVSS 7.5
CVE-2025-11700 GITHUB HIGH python WORKING POC
N-able N-Central Authentication Bypass and XXE Scanner
N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure
2 stars
CVSS 7.5
CVE-2025-9316 NOMISEC MEDIUM WORKING POC
N-central <2025.4 - Info Disclosure
N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.
2 stars
CVE-2022-31711 VULNCHECK_XDB MEDIUM WORKING POC
VMware vRealize Log Insight 3.0-4.8 - Unauthenticated Exposure of Sensitive Session Information
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
CVSS 5.3
CVE-2022-31706 VULNCHECK_XDB CRITICAL WORKING POC
VMware vRealize Log Insight 3.0-4.8 - Unauthenticated Path Traversal and Remote Code Execution
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
CVSS 9.8
CVE-2022-31704 VULNCHECK_XDB CRITICAL WORKING POC
VMware vRealize Log Insight 3.0-4.8 - Unauthenticated Remote Code Execution via Broken Access Control
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
CVSS 9.8
CVE-2024-0204 METASPLOIT CRITICAL ruby WORKING POC
Fortra GoAnywhere MFT Unauthenticated Remote Code Execution
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
CVSS 9.8
CVE-2023-48788 METASPLOIT CRITICAL ruby WORKING POC
Fortinet Forticlient Endpoint Management Server - SQL Injection
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.
CVSS 9.8
CVE-2023-28324 METASPLOIT CRITICAL ruby WORKING POC
Ivanti Endpoint Manager < 2022 - Privilege Escalation or Remote Code Execution
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.
CVSS 9.8
CVE-2024-29824 METASPLOIT HIGH ruby WORKING POC
Ivanti EPM RecordGoodApp SQLi RCE
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
CVSS 8.8
CVE-2022-1388 METASPLOIT CRITICAL ruby WORKING POC
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVSS 9.8
CVE-2023-38035 METASPLOIT CRITICAL ruby WORKING POC
Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
CVSS 9.8
CVE-2023-26067 METASPLOIT HIGH ruby WORKING POC
Lexmark <2023-02-19 - Info Disclosure
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).
CVSS 8.1