caopengyan

2 exploits Active since May 2023
CVE-2023-3450 NOMISEC MEDIUM SCANNER
Ruijie RG-BCR860 2.5.13 - OS Command Injection via Network Diagnostic Page
A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. It affects unspecified processing in the Network Diagnostic Page component. Manipulation leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232547. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
1 star
CVSS 4.7
CVE-2023-2825 NOMISEC CRITICAL WORKING POC
GitLab Authenticated File Read
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.
CVSS 10.0