ZZ-SOCMAP

8 exploits Active since Apr 2021
CVE-2022-21907 NOMISEC CRITICAL WORKING POC
HTTP Protocol Stack - RCE
HTTP Protocol Stack Remote Code Execution Vulnerability
363 stars
CVSS 9.8
CVE-2022-0847 NOMISEC HIGH WORKING POC
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
58 stars
CVSS 7.8
CVE-2022-22536 NOMISEC CRITICAL WORKING POC
SAP NetWeaver - Request Smuggling
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
51 stars
CVSS 10.0
CVE-2021-31166 NOMISEC CRITICAL WORKING POC
Windows IIS HTTP Protocol Stack DOS
HTTP Protocol Stack Remote Code Execution Vulnerability
19 stars
CVSS 9.8
CVE-2021-22214 NOMISEC MEDIUM WORKING POC
Gitlab < 13.10.5 - SSRF
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 was possible to exploit for an unauthenticated attacker even on a GitLab instance where registration is limited
10 stars
CVSS 6.8
CVE-2021-22205 NOMISEC CRITICAL WORKING POC
Gitlab < 13.8.8 - Code Injection
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
7 stars
CVSS 10.0
CVE-2023-27524 NOMISEC HIGH WORKING POC
Apache Superset Signed Cookie Priv Esc
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database. Add a strong SECRET_KEY to your `superset_config.py` file like: SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY> Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.
3 stars
CVSS 8.9
CVE-2022-24990 NOMISEC HIGH SCANNER
TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
3 stars
CVSS 7.5