Manouchehri

4 exploits Active since Mar 2016
CVE-2017-1000117 NOMISEC HIGH SUSPICIOUS
Malicious Git HTTP Server For CVE-2017-1000117
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
16 stars
CVSS 8.8
CVE-2023-46295 GITLAB CRITICAL WRITEUP
Teledyne FLIR M300 2.00-19 - Unauthenticated Remote Code Execution via PHP Page
An issue was discovered in Teledyne FLIR M300 2.00-19. Unauthenticated remote code execution can occur in the web server. An attacker can exploit this by sending a POST request to the vulnerable PHP page. An attacker can elevate to root permissions with Sudo.
CVSS 9.8
CVE-2023-46294 GITLAB LOW WRITEUP
Teledyne FLIR M300 <2.00-19 - Info Disclosure
An issue was discovered in Teledyne FLIR M300 2.00-19. User account passwords are encrypted locally, and can be decrypted to cleartext passwords using the utility umSetup. This utility requires root permissions to execute.
CVSS 3.4
CVE-2016-1734 NOMISEC MEDIUM WRITEUP
Apple iOS <9.2.1 and OS X <10.11.3 - Memory Corruption via Crafted USB Device
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device.
CVSS 6.8