NingXin2002

5 exploits Active since Mar 2024
CVE-2024-27292 NOMISEC HIGH WORKING POC
Docassemble - Local File Inclusion
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.
3 stars
CVSS 7.5
CVE-2024-41319 NOMISEC CRITICAL WORKING POC
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via Webcmd Function
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the cmd parameter in the webcmd function.
2 stars
CVSS 9.8
CVE-2024-24919 NOMISEC HIGH WORKING POC
Check Point Quantum Gateway - Information Disclosure
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
2 stars
CVSS 8.6
CVE-2024-23692 NOMISEC CRITICAL WORKING POC
Rejetto HTTP File Server - Template injection
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
1 stars
CVSS 9.8
CVE-2024-40348 NOMISEC HIGH WORKING POC
bazarr < 1.4.3 - Unauthenticated Path Traversal via /api/swaggerui/static
An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal.
CVSS 8.2