faisalfs10x

24 exploits Active since Jul 2019
CVE-2022-0824 NOMISEC HIGH WORKING POC
webmin < 1.990 - Improper Access Control to Remote Code Execution
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
111 stars
CVSS 8.8
CVE-2021-44228 NOMISEC CRITICAL WORKING POC
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
18 stars
CVSS 10.0
CVE-2021-22205 NOMISEC CRITICAL WORKING POC
GitLab 11.9.0-13.8.7 - Unauthenticated Remote Code Execution via ExifTool Image Parsing
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
6 stars
CVSS 10.0
CVE-2023-46865 NOMISEC HIGH WORKING POC
crater < 6.0.6 - Authenticated Remote Code Execution via Company Logo Image Upload
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.
4 stars
CVSS 7.2
CVE-2020-5902 NOMISEC CRITICAL SCANNER
BIG-IP 11.6.1-11.6.5.1 - Remote Code Execution via TMUI Undisclosed Pages
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
2 stars
CVSS 9.8
CVE-2020-3452 NOMISEC HIGH SCANNER
Cisco ASA 9.6-9.6.4.42 & FTD 6.2.3-6.2.3.16 Unauthenticated Path Traversal
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
2 stars
CVSS 7.5
CVE-2022-0824 NOMISEC HIGH WORKING POC
webmin < 1.990 - Improper Access Control to Remote Code Execution
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
CVSS 8.8
CVE-2022-0824 NOMISEC HIGH WORKING POC
webmin < 1.990 - Improper Access Control to Remote Code Execution
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
CVSS 8.8
CVE-2019-14322 NOMISEC HIGH WORKING POC
Pallets Werkzeug <0.15.5 - Path Traversal
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
CVSS 7.5
CVE-2019-14322 NOMISEC HIGH SCANNER
Pallets Werkzeug <0.15.5 - Path Traversal
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
CVSS 7.5
CVE-2019-14322 NOMISEC HIGH SCANNER
Pallets Werkzeug <0.15.5 - Path Traversal
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
CVSS 7.5
CVE-2022-24248 EXPLOITDB MEDIUM text WORKING POC
RiteCMS < 3.1.0 - Authenticated Arbitrary File Deletion via Path Traversal
RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker might leverage the capability of arbitrary file deletion to circumvent certain web server security mechanisms such as deleting .htaccess file that would deactivate those security constraints.
CVSS 6.5
CVE-2022-24247 EXPLOITDB MEDIUM text WORKING POC
ritecms < 3.1.0 - Authenticated Arbitrary File Overwrite via Path Traversal
RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write) resulting a remote code execution.
CVSS 6.5
CVE-2021-36624 EXPLOITDB CRITICAL text WORKING POC
Phone Shop Sales Management System 1.0 - SQL Injection
Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
CVSS 9.8
CVE-2021-36623 EXPLOITDB CRITICAL text WORKING POC
Sourcecodester Phone Shop Sales Management System 1.0 - RCE
Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.
CVSS 9.8
CVE-2021-36622 EXPLOITDB CRITICAL python WORKING POC
Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload via Admin Profile Photo
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the Content-Type: image/png. Then, the attacker have to visit the uploaded profile photo to access the shell.
CVSS 9.8
CVE-2021-36621 EXPLOITDB HIGH text WORKING POC
Online Covid Vaccination Scheduler System 1.0 - SQL Injection via Username Parameter
Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator.
CVSS 8.1
CVE-2021-46367 EXPLOITDB HIGH text WORKING POC
ritecms < 3.1.0 - Authenticated Remote Code Execution via PHP File Upload
RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny execution of .php files in media and files directory by default.
CVSS 7.2
CVE-2022-0824 METASPLOIT HIGH ruby WORKING POC
webmin < 1.990 - Improper Access Control to Remote Code Execution
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
CVSS 8.8
CVE-2019-14322 EXPLOITDB HIGH python WORKING POC
Pallets Werkzeug <0.15.5 - Path Traversal
In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames.
CVSS 7.5
EIP-2026-114481 EXPLOITDB text WORKING POC
XOS Shop 1.0.9 - 'Multiple' Arbitrary File Deletion (Authenticated)
CVE-2021-37593 EXPLOITDB CRITICAL text WORKING POC
PEEL Shopping 9.4.0 - Unauthenticated SQL Injection
PEEL Shopping version 9.4.0 allows remote SQL injection. A public user/guest (unauthenticated) can inject a malicious SQL query in order to affect the execution of predefined SQL commands. Upon a successful SQL injection attack, an attacker can read sensitive data from the database and possibly modify database data.
CVSS 9.1
EIP-2026-106260 EXPLOITDB text WORKING POC
CSZ CMS 1.2.9 - 'Multiple' Arbitrary File Deletion
CVE-2022-0824 EXPLOITDB HIGH python WORKING POC
webmin < 1.990 - Improper Access Control to Remote Code Execution
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
CVSS 8.8