KiPhuong

4 exploits Active since Feb 2017
CVE-2025-5025 NOMISEC MEDIUM WORKING POC
curl 8.5.0-8.13.9 - Improper Certificate Validation in QUIC HTTP/3 with wolfSSL
libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.
CVSS 4.8
CVE-2024-3552 NOMISEC CRITICAL WRITEUP
Web Directory Free WP <1.7.0 - SQL Injection
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.
CVSS 9.8
CVE-2024-3552 NOMISEC CRITICAL WORKING POC
Web Directory Free WP <1.7.0 - SQL Injection
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based.
CVSS 9.8
CVE-2016-6210 NOMISEC MEDIUM WORKING POC
OpenSSH < 7.2 - User Enumeration via Timing Attack on Password Hashing
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
CVSS 5.9