dhmosfunk

7 exploits Active since Mar 2023
CVE-2023-25690 NOMISEC CRITICAL WRITEUP
Apache HTTP Server 2.4.0-2.4.55 - HTTP Request Smuggling via mod_proxy RewriteRule
Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.
283 stars
CVSS 9.8
CVE-2025-0411 NOMISEC HIGH WORKING POC
7-Zip 24.09 - Mark-of-the-Web Bypass Code Execution
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.
154 stars
CVSS 7.0
CVE-2023-25950 NOMISEC HIGH WRITEUP
HAProxy 2.6.1-2.6.7 and 2.7.0 - HTTP Request Smuggling
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition.
10 stars
CVSS 7.3
CVE-2025-58098 NOMISEC HIGH WRITEUP
Apache HTTP Server <2.4.66 - Command Injection
Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.
1 stars
CVSS 8.3
CVE-2026-47291 GITHUB CRITICAL python WORKING POC
Microsoft Windows HTTP.sys - Remote Code Execution via Integer Overflow
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
CVSS 9.8
CVE-2026-49160 GITHUB HIGH python WORKING POC
Microsoft Windows HTTP.sys HTTP/2 - Denial of Service
Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.
CVSS 7.5
CVE-2026-49160 NOMISEC HIGH WORKING POC
Microsoft Windows HTTP.sys HTTP/2 - Denial of Service
Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.
CVSS 7.5