Noam Moshe

30 exploits, active since Sep 2019
CVE-2025-64127 CRITICAL WRITEUP
OS - Command Injection
An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute arbitrary commands remotely.
CVSS 10.0
CVE-2025-64128 CRITICAL WRITEUP
OS - Command Injection
An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary commands.
CVSS 10.0
CVE-2025-64129 HIGH WRITEUP
Zenitel TCIV-3+ - Memory Corruption
Zenitel TCIV-3+ is affected by an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device.
CVSS 7.6
CVE-2025-64130 CRITICAL WRITEUP
Zenitel TCIV-3+ - XSS
Zenitel TCIV-3+ is affected by a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript in the victim's browser.
CVSS 9.8
CVE-2019-16383 EXPLOITDB CRITICAL text WORKING POC
Progress MOVEit Transfer <11.1.1 - SQL Injection
MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and 2019.1 before 11.1.1 allows an unauthenticated attacker to gain unauthorized access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, or may be able to alter the database via the REST API, aka SQL Injection.
CVSS 9.4