S1lkys

8 exploits Active since Apr 2020
CVE-2020-15906 NOMISEC CRITICAL WORKING POC
Tiki < 21.2 - Brute Force
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.
49 stars
CVSS 9.8
CVE-2020-11107 NOMISEC HIGH WRITEUP
XAMPP <7.2.29, <7.3.16, <7.4.4 - Command Injection
An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16, and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-control.ini for all users (including admins) to enable arbitrary command execution.
32 stars
CVSS 8.8
CVE-2023-30367 NOMISEC HIGH WORKING POC
mRemoteNG < 1.76.20 - Cleartext Storage
Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-dev loads configuration files in plain text into memory (after decrypting them if necessary) at application start-up, even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text through a memory dump and thus compromise user credentials when no custom password encryption key has been set. This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory.
16 stars
CVSS 7.5
CVE-2020-11107 NOMISEC HIGH WRITEUP
XAMPP <7.2.29, <7.3.16, <7.4.4 - Command Injection
An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16, and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-control.ini for all users (including admins) to enable arbitrary command execution.
3 stars
CVSS 8.8
CVE-2021-24884 NOMISEC CRITICAL WORKING POC
Formidable Form Builder <4.09.05 - HTML Injection
The Formidable Form Builder WordPress plugin before 4.09.05 allows injection of certain HTML tags such as <audio>, <video>, <img>, <a> and <button>. This could allow an unauthenticated, remote attacker to exploit an HTML injection by injecting a malicious link. The HTML injection may trick authenticated users into following the link. If the link is clicked, JavaScript code can be executed. The vulnerability is due to insufficient sanitization of the "data-frmverify" tag for links in the web-based entry inspection page of affected systems. A successful exploitation in combination with CSRF could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include stealing the user's account by changing their password or allowing attackers to submit their own code through an authenticated user, resulting in remote code execution. If an authenticated user who is able to edit WordPress PHP code in any way clicks the malicious link, PHP code can be edited.
1 star
CVSS 9.6
CVE-2020-12446 NOMISEC HIGH WORKING POC
G.SKILL Trident Z Lighting Control <1.00.08 - Privilege Escalation
The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT AUTHORITY\SYSTEM.
CVSS 7.8
CVE-2021-40101 NOMISEC HIGH WORKING POC
Concretecms Concrete Cms < 8.5.7 - Incorrect Permission Assignment
An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to be changed without a prompt for the current password.
CVSS 7.2
CVE-2020-29254 NOMISEC HIGH WRITEUP
TikiWiki 21.2 - CSRF
TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include allowing attackers to submit their own code through an authenticated user, resulting in local file inclusion. If an authenticated user who is able to edit TikiWiki templates visits a malicious website, template code can be edited.
CVSS 8.8