Tas9er

2 exploits Active since Mar 2021

CVE-2022-22947 NOMISEC CRITICAL STUB

Spring Cloud Gateway Remote Code Execution

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.

30 stars

CVSS 10.0

View Code

CVE-2021-22986 NOMISEC CRITICAL SUSPICIOUS

F5 iControl REST Unauthenticated SSRF Token Generation RCE

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

14 stars

CVSS 9.8

View Code