dnr6419

9 exploits Active since Apr 2018
CVE-2022-23046 NOMISEC HIGH WORKING POC
phpipam 1.4.4 - Authenticated SQL Injection via Subnet Parameter
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php
4 stars
CVSS 7.2
CVE-2021-29447 NOMISEC HIGH WORKING POC
WordPress 5.6.0-5.7.0 - Authenticated XML External Entity Injection via Media Library File Upload
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
3 stars
CVSS 7.1
CVE-2021-24145 NOMISEC HIGH WORKING POC
Modern Events Calendar Lite < 5.16.5 - Arbitrary File Upload via CSV Import
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
3 stars
CVSS 7.2
CVE-2021-32157 NOMISEC CRITICAL WORKING POC
Webmin 1.973 - Stored Cross-Site Scripting via Scheduled Cron Jobs Feature
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
1 stars
CVSS 9.6
CVE-2019-7609 NOMISEC CRITICAL WRITEUP
Kibana Timelion Prototype Pollution RCE
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
1 stars
CVSS 10.0
CVE-2021-32644 NOMISEC MEDIUM WORKING POC
Ampache 4.x.y - Authenticated Code Injection in random.php
Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3.
CVSS 6.4
CVE-2021-24545 NOMISEC MEDIUM WORKING POC
WP HTML Author Bio < 1.2.0 - Authenticated Stored Cross-Site Scripting via User Bio
The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visit a post in the frontend made by such user. As a result, user with a role as low as author could perform Cross-Site Scripting attacks against users, which could potentially lead to privilege escalation when an admin view the related post/s.
CVSS 5.4
CVE-2018-16167 NOMISEC CRITICAL WORKING POC
LogonTracer < 1.2.0 - OS Command Injection
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVSS 9.8
CVE-2018-6905 NOMISEC MEDIUM WRITEUP
TYPO3 < 8.7.11 and 9.1.0 - Stored Cross-Site Scripting via Site Name Configuration
The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process.
CVSS 4.8