SECFORCE

10 exploits Active since Apr 2008
CVE-2017-3599 NOMISEC HIGH WORKING POC
MySQL Server <5.6.35, <5.7.17 - DoS
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.
23 stars
CVSS 7.5
CVE-2018-8941 NOMISEC HIGH WORKING POC
D-Link DSL-3782 Firmware EU 1.01 - Authenticated Buffer Overflow via Diagnostics_Entry Addr Parameter
Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi.
9 stars
CVSS 8.8
CVE-2021-37748 NOMISEC HIGH WORKING POC
Grandstream HT801 Firmware < 1.0.29 - Authenticated Buffer Overflow via manage_if Setting
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.
5 stars
CVSS 8.8
CVE-2011-4107 NOMISEC MEDIUM WORKING POC
phpMyAdmin <3.4.7.1 & <3.3.10.5 - XXE Injection
The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
4 stars
CVSS 6.5
CVE-2008-5416 NOMISEC WORKING POC
Microsoft SQL Server <9.00.1399.06 - Buffer Overflow
Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."
3 stars
CVE-2008-1613 NOMISEC WORKING POC
RedDot CMS <7.5.0.48 - SQL Injection
SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter.
2 stars
CVE-2018-1000082 NOMISEC HIGH
Ajenti 2 - Cross-Site Request Forgery in Command Execution Panel
Ajenti version version 2 contains a Cross ite Request Forgery (CSRF) vulnerability in the command execution panel of the tool used to manage the server. that can result in Code execution on the server . This attack appear to be exploitable via Being a CSRF, victim interaction is needed, when the victim access the infected trigger of the CSRF any code that match the victim privledges on the server can be executed..
1 stars
CVSS 8.8
CVE-2011-3368 NOMISEC WORKING POC
Apache HTTP Server 1.3.x-1.3.42, 2.0.x-2.0.64, 2.2.x-2.2.21 SSRF via Malformed URI with @
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
1 stars
CVE-2020-28647 NOMISEC MEDIUM WRITEUP
Progress MOVEit Transfer < 2020.1 - Stored Cross-Site Scripting
In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, it could invoke and execute arbitrary code within the context of the victim's browser (XSS).
CVSS 5.4
EIP-2026-103184 EXPLOITDB python WORKING POC
OpenSSH < 6.6 SFTP - Command Execution