Sameer S. Mohite

6 exploits Active since Aug 2021
CVE-2021-36921 WRITEUP HIGH WRITEUP
AIMANAGER < b115 - Improper Authentication via Authentication Response Tampering
AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 has Improper Authentication. An attacker can gain administrative access by modifying the response to an authentication check request.
CVSS 8.8
CVE-2021-36982 WRITEUP HIGH WRITEUP
AIMANAGER b107-b115 - OS Command Injection via HTTP Request Parameter
AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall (AIWAF) devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request.
CVSS 8.1
CVE-2022-28740 WRITEUP HIGH WRITEUP
aEnrich eHRD Learning Management Key Performance Indicator System 5+ - Information Disclosure
aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor.
CVSS 7.5
CVE-2022-28741 WRITEUP HIGH WRITEUP
aEnrich a+HRD 5.0-5.4.1125v112 - Local File Inclusion via Missing Input Validation
aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x
CVSS 8.1
CVE-2022-28742 WRITEUP HIGH WRITEUP
aEnrich eHRD Learning Management Key Performance Indicator System 5+ - Improper Access Control
aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application
CVSS 7.5
CVE-2023-28614 WRITEUP CRITICAL WRITEUP
Freewill iFIS <20.01.01.04 - Command Injection
Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page.
CVSS 9.8