M4fiaB0y - Security Researcher - Exploit Intelligence Platform

CVE-2023-22809 NOMISEC HIGH WORKING POC

Sudoedit Extra Arguments Priv Esc

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

6 stars

CVSS 7.8

View Code

CVE-2022-38374 NOMISEC HIGH WORKING POC

Fortinet FortiADC <7.0.2, <6.2.4 - XSS

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews.

2 stars

CVSS 8.8

View Code

CVE-2022-30075 NOMISEC HIGH WORKING POC

Tp-link Archer Ax50 Firmware < 210730 - Remote Code Execution

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.

1 stars

CVSS 8.8

View Code

CVE-2022-1388 NOMISEC CRITICAL SCANNER

F5 BIG-IP iControl RCE via REST Authentication Bypass

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS 9.8

View Code

CVE-2022-30525 NOMISEC CRITICAL WORKING POC

Zyxel Firewall SUID Binary Privilege Escalation

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

CVSS 9.8

View Code