adhikara13

15 exploits Active since Jan 2023
CVE-2023-25136 NOMISEC MEDIUM SCANNER
Openbsd Openssh - Double Free
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
47 stars
CVSS 6.5
CVE-2022-4510 NOMISEC HIGH WORKING POC
Microsoft Binwalk < 2.3.3 - Path Traversal
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included.
14 stars
CVSS 7.8
CVE-2024-3273 NOMISEC HIGH WORKING POC
Dlink Dns-320l Firmware - Command Injection
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.
13 stars
CVSS 7.3
CVE-2023-24489 NOMISEC CRITICAL WORKING POC
ShareFile - RCE
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
13 stars
CVSS 9.8
CVE-2023-27350 NOMISEC CRITICAL WORKING POC
Papercut MF < 20.1.7 - Improper Access Control
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
9 stars
CVSS 9.8
CVE-2023-23752 NOMISEC MEDIUM SCANNER
Joomla! < 4.2.8 - Improper Access Control
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
7 stars
CVSS 5.3
CVE-2024-9441 NOMISEC CRITICAL WORKING POC
Linear eMerge e3-Series <1.00-07 - Command Injection
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.
2 stars
CVSS 9.8
CVE-2024-2389 NOMISEC CRITICAL WORKING POC
Progress Kemp Flowmon - Command Injection
In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.
2 stars
CVSS 10.0
CVE-2022-44268 NOMISEC MEDIUM WORKING POC
ImageMagick 7.1.0-49 - Info Disclosure
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it).
2 stars
CVSS 6.5
CVE-2023-38829 NOMISEC HIGH WRITEUP
NETIS SYSTEMS WF2409E <3.6.42541 - RCE
An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface.
1 star
CVSS 8.8
CVE-2023-42336 WRITEUP CRITICAL WRITEUP
Netis-systems Wf2409e Firmware - Hard-coded Credentials
An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.
CVSS 9.8
CVE-2023-43890 WRITEUP HIGH WRITEUP
Netis N3Mv2-V1.0.1.865 - Command Injection
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request.
CVSS 8.8
CVE-2023-44860 WRITEUP HIGH WRITEUP
Netis-systems N3m Firmware - Incorrect Authorization
An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request.
CVSS 7.5
CVE-2023-45463 WRITEUP HIGH WRITEUP
Netis-systems N3m Firmware - Buffer Overflow
Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS 7.5
CVE-2024-22729 METASPLOIT CRITICAL ruby WORKING POC
Netis MW5360 V1.0.1.3031 - Command Injection
NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.
CVSS 9.8