andripwn

8 exploits, active since Feb 2019
CVE-2019-19844 NOMISEC CRITICAL WORKING POC
Django < 1.11.27 - Password Reset Weakness
Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)
8 stars
CVSS 9.8
CVE-2019-16759 NOMISEC CRITICAL WORKING POC
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
4 stars
CVSS 9.8
CVE-2020-11107 NOMISEC HIGH WRITEUP
XAMPP <7.2.29, <7.3.16, <7.4.4 - Command Injection
An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16, and 7.4.x before 7.4.4 on Windows. An unprivileged user can change a .exe configuration in xampp-control.ini for all users (including admins) to enable arbitrary command execution.
3 stars
CVSS 8.8
CVE-2019-0708 NOMISEC CRITICAL SCANNER
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services, formerly known as Terminal Services, when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
3 stars
CVSS 9.8
CVE-2019-19781 NOMISEC CRITICAL SCANNER
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
2 stars
CVSS 9.8
CVE-2019-6453 NOMISEC HIGH WORKING POC
mIRC <7.55 - Command Injection
mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).
1 star
CVSS 8.1
CVE-2019-11510 NOMISEC CRITICAL WORKING POC
Pulse Secure PCS <9.0R3.4 - Info Disclosure
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file read.
1 star
CVSS 10.0
CVE-2018-18852 NOMISEC HIGH WORKING POC
Cerio Dt-300n Firmware < 1.1.12 - OS Command Injection
Cerio DT-300N 1.1.6 through 1.1.12 devices allow OS command injection because of improper input validation of the web-interface PING feature's use of Save.cgi to execute a ping command, as exploited in the wild in October 2018.
1 star
CVSS 8.8