enox

9 exploits Active since Apr 2021
CVE-2021-22911 NOMISEC CRITICAL WORKING POC
Rocket.Chat <3.14 - SQL Injection
An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
CVSS 9.8
CVE-2021-22911 NOMISEC CRITICAL WORKING POC
Rocket.Chat <3.14 - SQL Injection
An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
CVSS 9.8
CVE-2021-22911 NOMISEC CRITICAL WORKING POC
Rocket.Chat <3.14 - SQL Injection
An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
CVSS 9.8
CVE-2021-22911 NOMISEC CRITICAL WORKING POC
Rocket.Chat <3.14 - SQL Injection
An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
CVSS 9.8
EIP-2026-114700 EXPLOITDB python WORKING POC
Gitlab 13.9.3 - Remote Code Execution (Authenticated)
EIP-2026-114699 EXPLOITDB python WORKING POC
Gitlab 13.10.2 - Remote Code Execution (Authenticated)
CVE-2021-29440 EXPLOITDB HIGH python WORKING POC
Grav < 1.7.11 - Code Injection
Grav is a file-based Web platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. The issue was addressed in version 1.7.11.
CVSS 8.4
CVE-2021-22911 EXPLOITDB CRITICAL python WORKING POC
Rocket.Chat <3.14 - SQL Injection
An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
CVSS 9.8
CVE-2021-22911 EXPLOITDB CRITICAL python WORKING POC
Rocket.Chat <3.14 - SQL Injection
An improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
CVSS 9.8