Zach Hanley

23 exploits Active since May 2022
CVE-2022-1388 NOMISEC CRITICAL WORKING POC
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
231 stars
CVSS 9.8
CVE-2023-34051 NOMISEC CRITICAL WORKING POC
VMware Aria Operations for Logs - RCE
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
61 stars
CVSS 9.8
CVE-2024-9464 NOMISEC MEDIUM WORKING POC
Paloaltonetworks Expedition < 1.2.96 - OS Command Injection
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
45 stars
CVSS 6.5
CVE-2023-38035 NOMISEC CRITICAL WORKING POC
Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
40 stars
CVSS 9.8
CVE-2025-64155 NOMISEC CRITICAL WORKING POC
Fortinet Fortisiem < 7.1.9 - OS Command Injection
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM 7.0.0 through 7.0.4, FortiSIEM 6.7.0 through 6.7.10 may allow an attacker to execute unauthorized code or commands via crafted TCP requests.
30 stars
CVSS 9.8
CVE-2026-22200 NOMISEC HIGH WORKING POC
Enhancesoft Osticket < 1.17.7 - Injection
Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficiently sanitized before being processed by the mPDF PDF generator during export. When the attacker exports the ticket to PDF, the generated PDF can embed the contents of attacker-selected files from the server filesystem as bitmap images, allowing disclosure of sensitive local files in the context of the osTicket application user. This issue is exploitable in default configurations where guests may create tickets and access ticket status, or where self-registration is enabled.
8 stars
CVSS 7.5
CVE-2025-11700 GITHUB HIGH python WORKING POC
N-able N-Central Authentication Bypass and XXE Scanner
N-central versions < 2025.4 are vulnerable to multiple XML External Entities injection leading to information disclosure
2 stars
CVSS 7.5
CVE-2025-9316 NOMISEC MEDIUM WORKING POC
N-central <2025.4 - Info Disclosure
N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.
2 stars
CVE-2024-5910 METASPLOIT CRITICAL ruby WORKING POC
Palo Alto Expedition Remote Code Execution (CVE-2024-5910 and CVE-2024-9464)
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.
CVSS 9.8
CVE-2024-24809 METASPLOIT HIGH ruby WORKING POC
Traccar - Unrestricted File Upload
Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this vulnerability to upload files with the prefix `device.` under any folder. Attackers can use this vulnerability for phishing, cross-site scripting attacks, and potentially execute arbitrary commands on the server. Version 6.0 contains a patch for the issue.
CVSS 8.5
CVE-2022-31706 VULNCHECK_XDB CRITICAL WORKING POC
Vmware Vrealize Log Insight < 4.8 - Path Traversal
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
CVSS 9.8
CVE-2022-31711 VULNCHECK_XDB MEDIUM WORKING POC
Vmware Vrealize Log Insight < 4.8 - Information Disclosure
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
CVSS 5.3
CVE-2022-31704 VULNCHECK_XDB CRITICAL WORKING POC
Vmware Vrealize Log Insight < 4.8 - Improper Access Control
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
CVSS 9.8
CVE-2024-28987 METASPLOIT CRITICAL ruby WORKING POC
SolarWinds Web Help Desk - Hardcoded Credential
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing remote unauthenticated user to access internal functionality and modify data.
CVSS 9.1
CVE-2024-0204 METASPLOIT CRITICAL ruby WORKING POC
Fortra GoAnywhere MFT Unauthenticated Remote Code Execution
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
CVSS 9.8
CVE-2023-48788 METASPLOIT CRITICAL ruby WORKING POC
Fortinet Forticlient Endpoint Management Server - SQL Injection
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.
CVSS 9.8
CVE-2023-28324 METASPLOIT CRITICAL ruby WORKING POC
Ivanti Endpoint Manager < 2022 - Improper Input Validation
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.
CVSS 9.8
CVE-2022-39952 METASPLOIT CRITICAL ruby WORKING POC
Fortinet FortiNAC keyUpload.jsp arbitrary file write
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP request.
CVSS 9.8
CVE-2023-38035 METASPLOIT CRITICAL ruby WORKING POC
Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)
A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
CVSS 9.8
CVE-2024-9464 METASPLOIT MEDIUM ruby WORKING POC
Paloaltonetworks Expedition < 1.2.96 - OS Command Injection
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
CVSS 6.5
CVE-2023-26067 METASPLOIT HIGH ruby WORKING POC
Lexmark <2023-02-19 - Info Disclosure
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).
CVSS 8.1
CVE-2022-40684 METASPLOIT CRITICAL ruby WORKING POC
Fortinet Fortiproxy < 7.0.7 - Authentication Bypass
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
CVSS 9.8
CVE-2022-40684 EXPLOITDB CRITICAL python WORKING POC
Fortinet Fortiproxy < 7.0.7 - Authentication Bypass
An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
CVSS 9.8