Lay0us

6 exploits Active since Mar 2022
CVE-2022-32532 NOMISEC CRITICAL WORKING POC
Apache Shiro < 1.9.1 - Incorrect Authorization
In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
13 stars
CVSS 9.8
CVE-2022-24637 NOMISEC CRITICAL WORKING POC
Open Web Analytics <1.7.4 - Info Disclosure
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.
5 stars
CVSS 9.8
CVE-2022-0848 NOMISEC CRITICAL WORKING POC
Part-db < 0.5.11 - OS Command Injection
OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11.
1 star
CVSS 9.8
CVE-2022-26809 NOMISEC CRITICAL STUB
Microsoft Windows RPC Runtime - Remote Code Execution
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVSS 9.8
CVE-2022-30594 NOMISEC HIGH WRITEUP
Linux Kernel < 4.19.238 - Missing Authorization
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
CVSS 7.8
CVE-2022-32532 INTHEWILD CRITICAL WORKING POC
Apache Shiro < 1.9.1 - Incorrect Authorization
In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
CVSS 9.8