Joe Helle

5 exploits, active since Nov 2020
CVE-2021-37832 NOMISEC CRITICAL WRITEUP
HotelDruid 3.0.2 - SQL Injection via idappartamenti Parameter
A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is used as the application database. An attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter.
4 stars
CVSS 9.8
CVE-2020-28351 NOMISEC MEDIUM WRITEUP
Mitel ShoreTel 19.46.1802.0 - Unauthenticated Reflected Cross-Site Scripting via PATH_INFO to index.php
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.
3 stars
CVSS 6.1
CVE-2021-37833 NOMISEC MEDIUM WORKING POC
HotelDruid 3.0.2 - Reflected Cross-Site Scripting
A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.
2 stars
CVSS 6.1
CVE-2020-28351 WRITEUP MEDIUM WRITEUP
Mitel ShoreTel 19.46.1802.0 - Unauthenticated Reflected Cross-Site Scripting via PATH_INFO to index.php
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.
CVSS 6.1
CVE-2020-28351 EXPLOITDB MEDIUM text WORKING POC
Mitel ShoreTel 19.46.1802.0 - Unauthenticated Reflected Cross-Site Scripting via PATH_INFO to index.php
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.
CVSS 6.1