aels

2 exploits Active since Aug 2022
CVE-2022-37042 NOMISEC CRITICAL WORKING POC
Zimbra Collaboration Suite 8.8.15/9.0 - Path Traversal & RCE via mboximport
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.
21 stars
CVSS 9.8
CVE-2022-2586 NOMISEC MEDIUM WORKING POC
Linux Kernel < 5.19.17 - Use-After-Free via NFT Object or Expression Reference
It was discovered that an nft object or expression could reference an nft set on a different nft table, leading to a use-after-free once that table was deleted.
20 stars
CVSS 5.3