cowsecurity

6 exploits Active since Aug 2018
CVE-2022-23935 NOMISEC HIGH WORKING POC
ExifTool <12.38 - Command Injection
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection.
8 stars
CVSS 7.8
CVE-2023-27842 NOMISEC HIGH WORKING POC
eXtplorer 2.1.15 - Remote Code Execution via Insecure Permissions in index.php
Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent
2 stars
CVSS 8.8
CVE-2011-2523 NOMISEC CRITICAL WORKING POC
vsftpd 2.3.4 - Backdoor Command Execution
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
2 stars
CVSS 9.8
CVE-2018-15473 GITHUB MEDIUM python WORKING POC
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
CVSS 5.3
CVE-2022-23935 GITHUB HIGH python WORKING POC
ExifTool <12.38 - Command Injection
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection.
CVSS 7.8
CVE-2023-27163 NOMISEC MEDIUM WORKING POC
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
CVSS 6.5