ShielderSec

3 exploits Active since Sep 2019
CVE-2020-11579 NOMISEC HIGH WORKING POC
Chadha PHPKB 9.0 Enterprise Edition - Unauthenticated Local File Disclosure via Installer Test Connection
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.
25 stars
CVSS 7.5
CVE-2017-18635 NOMISEC MEDIUM WORKING POC
noVNC < 0.6.2 - Cross-Site Scripting via VNC Server Status Field
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
5 stars
CVSS 6.1
CVE-2017-18635 WRITEUP MEDIUM WORKING POC
noVNC < 0.6.2 - Cross-Site Scripting via VNC Server Status Field
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.
CVSS 6.1