MAWK0235

4 exploits, active since Feb 2024
CVE-2024-24401 NOMISEC CRITICAL WORKING POC
Nagios XI - SQL Injection
SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.
36 stars
CVSS 9.8
CVE-2024-24402 NOMISEC CRITICAL WORKING POC
Nagios XI - Improper Privilege Management
An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component.
4 stars
CVSS 9.8
CVE-2024-23346 NOMISEC CRITICAL WORKING POC
Materialsvirtuallab Pymatgen < 2024.2.20 - Command Injection
Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.
CVSS 9.3
CVE-2024-23346 NOMISEC CRITICAL WORKING POC
Materialsvirtuallab Pymatgen < 2024.2.20 - Command Injection
Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.
CVSS 9.3