badboycxcc

9 exploits Active since Dec 2021
CVE-2022-29383 NOMISEC CRITICAL WRITEUP
NETGEAR ProSafe SSL VPN - SQL Injection
NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.
27 stars
CVSS 9.8
CVE-2022-30489 NOMISEC MEDIUM WORKING POC
Wavlink Wn535g3 Firmware - XSS
WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.
2 stars
CVSS 6.1
CVE-2021-43469 NOMISEC HIGH WRITEUP
VINGA WR-N300U - Command Injection
VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component.
1 star
CVSS 8.8
CVE-2021-45232 NOMISEC CRITICAL WRITEUP
Apache Apisix Dashboard < 2.10.1 - Missing Authentication
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks, introducing the `droplet` framework on top of the `gin` framework. All APIs and authentication middleware are developed based on `droplet`, but some APIs directly use the `gin` interface, thus bypassing the authentication.
CVSS 9.8
CVE-2022-2643 WRITEUP MEDIUM WRITEUP
SourceCodester Online Admission System - SQL Injection
A vulnerability has been found in SourceCodester Online Admission System and classified as critical. This vulnerability affects unknown code of the component POST Parameter Handler. The manipulation of the argument shift leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this entry is VDB-205564.
CVSS 6.3
CVE-2022-2644 WRITEUP MEDIUM WRITEUP
SourceCodester Online Admission System - SQL Injection
A vulnerability was found in SourceCodester Online Admission System and classified as critical. This issue affects some unknown processing of the component GET Parameter Handler. The manipulation of the argument eid leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier VDB-205565 was assigned to this vulnerability.
CVSS 5.5
CVE-2022-2646 WRITEUP LOW WORKING POC
SourceCodester Online Admission System - XSS
A vulnerability, which was classified as problematic, was found in SourceCodester Online Admission System. Affected is an unknown function of the file index.php. The manipulation of the argument eid with the input `8</h3><script>alert(1)</script>` leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205572.
CVSS 3.5
CVE-2022-31373 WRITEUP MEDIUM WORKING POC
SolarView Compact v6.0 - XSS
SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php.
CVSS 6.1
CVE-2022-31374 WRITEUP CRITICAL WRITEUP
SolarView Compact 6.0 - RCE
An arbitrary file upload vulnerability at /images/background/1.php in SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS 9.8