dream434

8 exploits Active since Jan 2017
CVE-2017-9841 NOMISEC CRITICAL WORKING POC
PHPUnit <4.8.28, <5.6.3 - RCE
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
1 stars
CVSS 9.8
CVE-2024-6387 NOMISEC HIGH SCANNER
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CVSS 8.1
CVE-2024-29269 NOMISEC HIGH WORKING POC
Telesquare TLR-2005KSH - Remote Command Execution
An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.
CVSS 8.8
CVE-2024-31819 NOMISEC CRITICAL WORKING POC
WWBN AVideo <14.2 - RCE
An issue in WWBN AVideo v.12.4 through v.14.2 allows a remote attacker to execute arbitrary code via the systemRootPath parameter of the submitIndex.php component.
CVSS 9.8
CVE-2024-34102 NOMISEC CRITICAL WORKING POC
CosmicSting: Magento Arbitrary File Read (CVE-2024-34102) + PHP Buffer Overflow in the iconv() function of glibc (CVE-2024-2961)
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
CVSS 9.8
CVE-2023-27372 NOMISEC CRITICAL WORKING POC
Spip < 3.2.18 - Insecure Deserialization
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
CVSS 9.8
CVE-2021-42013 NOMISEC CRITICAL WORKING POC
Apache HTTP Server < 9.2.6.0 - Path Traversal
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
CVSS 9.8
CVE-2017-5487 NOMISEC MEDIUM WORKING POC
Wordpress < 4.7 - Information Disclosure
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
CVSS 5.3