crypt0crc

4 exploits · Active since Sep 2019
CVE-2019-16398 GITLAB MEDIUM WORKING POC
Keeper K5 <20.1.0.25-20.1.0.63 - RCE
On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.
CVSS 6.8
CVE-2019-16518 GITLAB MEDIUM WORKING POC
Swell Kit Mod - Info Disclosure
An issue was discovered on Swell Kit Mod devices that use the Vandy Vape platform. An attacker may be able to trigger an unintended temperature in the victim's mouth and throat via Bluetooth Low Energy (BLE) packets that specify large power or voltage values.
CVSS 4.3
CVE-2019-18651 GITLAB MEDIUM WORKING POC
3xLogic Infinias Access Control <=6.6.9586.0 - CSRF
A cross-site request forgery (CSRF) vulnerability in 3xLogic Infinias Access Control through 6.6.9586.0 allows remote attackers to execute malicious and unauthorized actions (e.g., delete application users) by sending a crafted HTML document or encoded URL to a user that the website trusts. The user needs to have an active privileged session.
CVSS 6.5
CVE-2019-18652 GITLAB MEDIUM WORKING POC
WatchGuard XMT515 <12.1.3 - XSS
A DOM-based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362).
CVSS 6.1