Unkn0wn

4 exploits Active since Sep 2018
CVE-2018-17182 NOMISEC HIGH WORKING POC
Linux kernel <4.18.8 - Use After Free
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
1 stars
CVSS 7.8
CVE-2020-37137 EXPLOITDB MEDIUM text WORKING POC
PHP-Fusion 9.03.50 - Remote Code Execution via panels.php Panel Content Parameter
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panel_content POST parameters to the panels.php administration endpoint to execute malicious code.
CVSS 6.1
CVE-2020-37111 EXPLOITDB MEDIUM text WRITEUP
60CycleCMS 2.5.2 - Cross-Site Scripting via news.php GET Parameters
60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads targeting the 'etsu' and 'ltsu' parameters to execute arbitrary scripts in victim's browsers. This issue does not involve SQL injection.
CVSS 6.1
CVE-2020-37110 EXPLOITDB HIGH text WRITEUP
60CycleCMS 2.5.2 - SQL Injection via News Title Parameter
60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modify database contents. This issue does not involve cross-site scripting.
CVSS 8.2