brosck

5 exploits Active since Jul 2006
CVE-2022-1077 NOMISEC MEDIUM WORKING POC
TEM FLEX-1080 and FLEX-1085 1.6.0 - Unauthenticated Sensitive Information Exposure via Log Handler
A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication.
4 stars
CVSS 5.3
CVE-2006-3392 NOMISEC WORKING POC
Usermin < 1.220 - Arbitrary File Read via Path Traversal with URL-Encoded Bypass
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
3 stars
CVE-2022-4944 NOMISEC MEDIUM WORKING POC
kodcloud kodexplorer < 4.49 - Cross-Site Request Forgery
A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.50 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227000.
2 stars
CVSS 4.3
CVE-2022-1077 INTHEWILD MEDIUM WORKING POC
TEM FLEX-1080 and FLEX-1085 1.6.0 - Unauthenticated Sensitive Information Exposure via Log Handler
A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication.
CVSS 5.3
CVE-2022-4944 INTHEWILD MEDIUM WORKING POC
kodcloud kodexplorer < 4.49 - Cross-Site Request Forgery
A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.50 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227000.
CVSS 4.3