Md7 - Security Researcher - Exploit Intelligence Platform

CVE-2024-4040 NOMISEC CRITICAL WORKING POC

CrushFTP < 10.7.1 - Unauthenticated Server-Side Template Injection

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

5 stars

CVSS 9.8

View Code

CVE-2023-3519 NOMISEC CRITICAL WORKING POC

Citrix NetScaler ADC and Gateway - Unauthenticated Remote Code Execution

Unauthenticated remote code execution

5 stars

CVSS 9.8

View Code

CVE-2024-4040 VULNCHECK_XDB CRITICAL WORKING POC

CrushFTP < 10.7.1 - Unauthenticated Server-Side Template Injection

A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.

CVSS 9.8

View Code

CVE-2023-3519 VULNCHECK_XDB CRITICAL WORKING POC

Citrix NetScaler ADC and Gateway - Unauthenticated Remote Code Execution

Unauthenticated remote code execution

CVSS 9.8

View Code