Nettitude

6 exploits Active since Jun 2018
CVE-2024-20356 NOMISEC HIGH WORKING POC
Cisco Unified Computing System (Standalone) - Authenticated OS Command Injection
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with Administrator-level privileges to perform command injection attacks on an affected system and elevate their privileges to root. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to elevate their privileges to root.
55 stars
CVSS 8.7
CVE-2024-25153 NOMISEC CRITICAL WORKING POC
FileCatalyst Workflow Web Portal - Path Traversal
A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.
42 stars
CVSS 9.8
CVE-2022-23253 NOMISEC MEDIUM WORKING POC
Windows - Denial of Service in Point-to-Point Tunneling Protocol
Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerability
5 stars
CVSS 6.5
CVE-2018-19613 WRITEUP MEDIUM WRITEUP
Westermo DR-250, DR-260 <5162 - CSRF
Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allow CSRF.
CVSS 6.5
CVE-2018-19614 WRITEUP MEDIUM WRITEUP
Westermo DR-250 and DR-260 Firmware - Cross-Site Scripting via cmdexec Endpoint
XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers.
CVSS 6.1
CVE-2018-10956 EXPLOITDB HIGH ruby WORKING POC
IPConfigure Orchid Core VMS 2.0.5 - Path Traversal
IPConfigure Orchid Core VMS 2.0.5 allows Directory Traversal.
CVSS 7.5