Tomas Castro Rojas

6 exploits Active since Jan 2024
CVE-2023-27098 WRITEUP HIGH WRITEUP
TP-Link Tapo <v2.12.703 - Info Disclosure
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel.
CVSS 7.5
CVE-2024-23054 WRITEUP CRITICAL WRITEUP
Plone Docker Official Image 5.2.13 - Remote Code Execution via Missing npm Package in Static Components
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).
CVSS 9.8
CVE-2024-23055 WRITEUP MEDIUM WRITEUP
Plone Docker - Host Header Injection
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.
CVSS 6.1
CVE-2024-23756 WRITEUP HIGH WRITEUP
Plone 5.2.13 - Unauthenticated Arbitrary File Upload and Deletion via HTTP PUT and DELETE Methods
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.
CVSS 7.5
CVE-2024-26542 WRITEUP MEDIUM WRITEUP
Bonitasoft Bonita Web 7.14 - Stored Cross-Site Scripting via Groups Display Name Field
Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field.
CVSS 6.1
CVE-2024-40137 WRITEUP MEDIUM WRITEUP
Dolibarr ERP CRM <19.0.2-php8.2 - RCE
Dolibarr ERP CRM before 19.0.2-php8.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function.
CVSS 5.5