Kevin Suckiel

5 exploits Active since Feb 2023
CVE-2025-45346 NOMISEC HIGH WORKING POC
Bacula-web < 9.7.1 - SQL Injection
SQL Injection vulnerability in Bacula-web before v.9.7.1 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request.
CVSS 8.1
CVE-2025-29556 NOMISEC HIGH WORKING POC
ExaGrid EX10 <7.0.1.P08 - Privilege Escalation
ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users with the Security Officer role without approval. However, a flaw in the account creation process allows an attacker to bypass these restrictions via API request manipulation. An attacker with Admin access can intercept and modify the API request during user creation, altering the parameters to assign the new account to the ExaGrid Security Officers group without the required approval.
CVSS 7.3
CVE-2025-29557 NOMISEC MEDIUM WRITEUP
ExaGrid EX10 6.3-7.0.1.P08 - Info Disclosure
ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve SMTP credentials, including plaintext passwords.
CVSS 5.4
CVE-2023-0860 NOMISEC HIGH WRITEUP
Modoboa Installer < 2.0.4 - Brute Force
Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4.
CVSS 7.5
CVE-2023-1665 NOMISEC CRITICAL WRITEUP
linagora/twake <0.0.0 - Auth Bypass
Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0.
CVSS 9.8