bananoname

3 exploits Active since Oct 2021
CVE-2021-42013 NOMISEC CRITICAL WORKING POC
Apache HTTP Server < 9.2.6.0 - Path Traversal
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
1 stars
CVSS 9.8
CVE-2024-49138 NOMISEC HIGH WORKING POC
Microsoft Windows 10 1507 < 10.0.10240.20857 - Heap Buffer Overflow
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2024-6386 NOMISEC CRITICAL WRITEUP
WPML <4.6.12 - RCE
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
CVSS 9.9