aeyesec

4 exploits Active since Apr 2022
CVE-2022-34265 NOMISEC CRITICAL WORKING POC
Django 3.2-3.2.14 - SQL Injection via Trunc() and Extract() Database Functions
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
124 stars
CVSS 9.8
CVE-2021-31805 NOMISEC CRITICAL WORKING POC
Apache Struts 2.0.0-2.5.29 - Remote Code Execution via Forced OGNL Evaluation
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.
5 stars
CVSS 9.8
CVE-2023-22432 NOMISEC MEDIUM WRITEUP
web2py < 2.23.1 - Open Redirect via Crafted URL
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.
3 stars
CVSS 6.1
CVE-2024-27316 NOMISEC HIGH WORKING POC
Apache HTTP Server 2.4.17-2.4.58 - Denial of Service via HTTP/2 Header Buffering
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
2 stars
CVSS 7.5