Yuma-Tsushima07

3 exploits Active since Feb 2023
CVE-2024-3094 NOMISEC CRITICAL SCANNER
xz <5.6.0 - Code Injection
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library.
4 stars
CVSS 10.0
CVE-2023-26035 NOMISEC HIGH WORKING POC
ZoneMinder <1.36.33-1.37.33 - RCE
ZoneMinder is a free, open source closed-circuit television software application for Linux which supports IP, USB and analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There is no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in versions 1.36.33 and 1.37.33.
3 stars
CVSS 7.2
CVE-2024-40443 NOMISEC MEDIUM STUB
Simple Laboratory Management System 1.0 - SQL Injection
SQL Injection vulnerability in Simple Laboratory Management System using PHP and MySQL v.1.0 allows a remote attacker to cause a denial of service via the delete_users function in Useres.php.
CVSS 4.3