acfirthh

2 exploits Active since Dec 2021

CVE-2022-26134 NOMISEC CRITICAL WORKING POC

Confluence - Remote Code Execution

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

1 stars

CVSS 9.8

View Code

CVE-2021-41805 NOMISEC HIGH WORKING POC

HashiCorp Consul Enterprise < 1.8.17, 1.9.x < 1.9.11, 1.10.x < 1.10.4 - Incorrect Access Control via Namespace ACL Token

HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.

CVSS 8.8

View Code