dreadlocked

4 exploits Active since Jan 2018
CVE-2018-7600 NOMISEC CRITICAL WORKING POC
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
593 stars
CVSS 9.8
CVE-2018-7600 NOMISEC CRITICAL WORKING POC
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
114 stars
CVSS 9.8
CVE-2018-6407 NOMISEC HIGH WORKING POC
Conceptronic CIPCAMPTIWL V3 0.61.30.21 - Unauthenticated Denial of Service via Large POST Request to devices.cgi
An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to /hy-cgi/devices.cgi?cmd=searchlandevice. The crash completely freezes the device.
8 stars
CVSS 7.5
CVE-2018-6479 NOMISEC HIGH WORKING POC
Netwave IP Camera - Unauthenticated Denial of Service via Large POST Request
An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI.
4 stars
CVSS 7.5