ambionics - Security Researcher - Exploit Intelligence Platform

CVE-2024-2961 NOMISEC HIGH WORKING POC

GNU C Library <2.39 - Buffer Overflow

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

504 stars

CVSS 7.3

View Code

CVE-2021-3129 NOMISEC CRITICAL WORKING POC

Ignition < 2.5.2 - Unauthenticated Remote Code Execution via file_get_contents() and file_put_contents()

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.

285 stars

CVSS 9.8

View Code

CVE-2018-13784 NOMISEC CRITICAL WORKING POC

PrestaShop <1.6.1.20 & <1.7.3.4 - Info Disclosure

PrestaShop before 1.6.1.20 and 1.7.x before 1.7.3.4 mishandles cookie encryption in Cookie.php, Rinjdael.php, and Blowfish.php.

48 stars

CVSS 9.1

View Code

CVE-2023-49105 NOMISEC CRITICAL WORKING POC

ownCloud <10.13.1 - Info Disclosure

An issue was discovered in ownCloud owncloud/core before 10.13.1. An attacker can access, modify, or delete any file without authentication if the username of a victim is known, and the victim has no signing-key configured. This occurs because pre-signed URLs can be accepted even when no signing-key is configured for the owner of the files. The earliest affected version is 10.6.0.

36 stars

CVSS 9.8

View Code

CVE-2026-9082 GITHUB CRITICAL python WORKING POC

Drupal core - Highly critical - SQL injection - SA-CORE-2026-004

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.

7 stars

CVSS 9.8

View Code

CVE-2024-2961 NOMISEC HIGH SCANNER

GNU C Library <2.39 - Buffer Overflow

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

CVSS 7.3

View Code

CVE-2021-3129 METASPLOIT CRITICAL ruby WORKING POC

Ignition < 2.5.2 - Unauthenticated Remote Code Execution via file_get_contents() and file_put_contents()

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.

CVSS 9.8

View Code