Toxich4

4 exploits Active since Mar 2023
CVE-2023-33253 NOMISEC HIGH WORKING POC
LabCollector 6.0-6.15 - Authenticated Remote Code Execution via Message Function File Upload
LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.
4 stars
CVSS 8.8
CVE-2023-30459 NOMISEC HIGH WORKING POC
SmartPTT SCADA 1.1.0.0 - Authenticated Remote Code Execution via C# Script Upload
SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the administrator control panel on port 8101, by default).
3 stars
CVSS 7.2
CVE-2024-34469 NOMISEC HIGH WRITEUP
Rukovoditel < 3.5.3 - Cross-Site Scripting via User Photo Upload
Rukovoditel before 3.5.3 allows XSS via user_photo to index.php?module=users/registration&action=save.
1 stars
CVSS 7.1
CVE-2022-32199 NOMISEC MEDIUM WORKING POC
ScriptCase < 9.9.008 - Authenticated Arbitrary File Deletion via db_convert.php File Parameter
db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter.
1 stars
CVSS 6.5