cf

6 exploits Active since Dec 2016
CVE-2018-15133 NOMISEC HIGH WORKING POC
Laravel Framework < 5.5.40 and 5.6.x < 5.6.30 - Remote Code Execution via Unserialize of X-XSRF-TOKEN
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
CVSS 8.1
EIP-2026-119668 EXPLOITDB python WORKING POC
Oracle PeopleSoft - XML External Entity to SYSTEM Remote Code Execution
EIP-2026-119669 EXPLOITDB python WORKING POC
Oracle PeopleSoft - XML External Entity to SYSTEM Remote Code Execution
CVE-2012-1563 EXPLOITDB HIGH python WORKING POC
Joomla! < 2.5.3 - Unauthenticated Admin Account Creation
Joomla! before 2.5.3 allows Admin Account Creation.
CVSS 7.5
CVE-2016-9838 EXPLOITDB HIGH python WORKING POC
Joomla! < 3.6.4 - Improper Access Control via Registration Form Session Data
An issue was discovered in components/com_users/models/registration.php in Joomla! before 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group mappings, username, and password, as demonstrated by submitting a form that targets the `registration.register` task.
CVSS 7.5
CVE-2017-3548 EXPLOITDB MEDIUM python WORKING POC
Oracle PeopleSoft Products <8.56 - Info Disclosure
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).
CVSS 6.5