UnD3sc0n0c1d0

16 exploits Active since Apr 2016
CVE-2023-32784 NOMISEC HIGH WORKING POC
Keepass < 2.54 - Cleartext Transmission
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
6 stars
CVSS 7.5
CVE-2022-1292 NOMISEC HIGH WORKING POC
Siemens Brownfield Connectivity Gateway < 2.15 - OS Command Injection
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
6 stars
CVSS 7.3
CVE-2020-2038 NOMISEC HIGH WORKING POC
Palo Alto Networks Authenticated Remote Code Execution
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.
5 stars
CVSS 7.2
CVE-2022-40684 NOMISEC CRITICAL WORKING POC
Fortinet Fortiproxy < 7.0.7 - Authentication Bypass
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
4 stars
CVSS 9.8
CVE-2021-21514 NOMISEC MEDIUM WORKING POC
Dell Openmanage Server Administrator < 9.5.0 - Path Traversal
Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.
2 stars
CVSS 4.9
CVE-2020-5377 NOMISEC CRITICAL WORKING POC
Dell Emc Openmanage Server Administrator < 9.4 - Path Traversal
Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior contain multiple path traversal vulnerabilities. An unauthenticated remote attacker could potentially exploit these vulnerabilities by sending a crafted Web API request containing directory traversal character sequences to gain file system access on the compromised management station.
2 stars
CVSS 9.1
CVE-2016-4004 NOMISEC MEDIUM WORKING POC
Dell OMSA 8.2 - Path Traversal
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.
2 stars
CVSS 4.9
CVE-2020-14181 NOMISEC MEDIUM WORKING POC
Atlassian Data Center < 7.13.6 - Information Disclosure
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.
1 stars
CVSS 5.3
CVE-2019-3403 NOMISEC MEDIUM WORKING POC
Atlassian Jira < 7.13.3 - Incorrect Authorization
The /rest/api/2/user/picker rest resource in Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 allows remote attackers to enumerate usernames via an incorrect authorisation check.
1 stars
CVSS 5.3
CVE-2020-13426 EXPLOITDB MEDIUM text WORKING POC
WordPress Multi-Scheduler <1.0.0 - CSRF
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known.
CVSS 6.5
CVE-2020-2038 METASPLOIT HIGH ruby WORKING POC
Palo Alto Networks Authenticated Remote Code Execution
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.
CVSS 7.2
CVE-2020-24186 EXPLOITDB CRITICAL bash WORKING POC
gVectors wpDiscuz <7.0.4 - RCE
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
CVSS 10.0
CVE-2022-2941 EXPLOITDB MEDIUM text WRITEUP
Wp-useronline < 2.88.1 - XSS
The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site Scripting vulnerabilities in versions up to, and including 2.88.0. This is due to the fact that all fields in the "Naming Conventions" section do not properly sanitize user input, nor escape it on output. This makes it possible for authenticated attackers, with administrative privileges, to inject JavaScript code into the setting that will execute whenever a user accesses the injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVSS 5.5
EIP-2026-114172 EXPLOITDB text WRITEUP
WordPress Plugin Videos sync PDF 1.7.4 - Stored Cross Site Scripting (XSS)
EIP-2026-113515 EXPLOITDB text WRITEUP
Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS)
CVE-2020-2038 EXPLOITDB HIGH python WORKING POC
Palo Alto Networks Authenticated Remote Code Execution
An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts: PAN-OS 9.0 versions earlier than 9.0.10; PAN-OS 9.1 versions earlier than 9.1.4; PAN-OS 10.0 versions earlier than 10.0.1.
CVSS 7.2