NHPT

5 exploits Active since Jul 2014
CVE-2014-4210 NOMISEC WORKING POC
Oracle WebLogic Server <10.3.6.0 - Info Disclosure
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.
10 stars
CVE-2023-48123 NOMISEC HIGH SUSPICIOUS
Netgate pfSense < 2.7.0 and pfSense Plus < 23.05.1 - Remote Code Execution via packet_capture.php
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.
1 stars
CVSS 8.8
CVE-2018-15473 NOMISEC MEDIUM WORKING POC
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
1 stars
CVSS 5.3
CVE-2022-24086 NOMISEC CRITICAL SUSPICIOUS
Adobe Commerce <2.4.3-p1, <2.3.7-p2 - RCE
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
CVSS 9.8
CVE-2019-16278 NOMISEC CRITICAL WORKING POC
nostromo_nhttpd <= 1.9.6 - Remote Code Execution via Directory Traversal in http_verify
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
CVSS 9.8