geniuszly

21 exploits Active since Mar 2017
CVE-2024-0582 NOMISEC HIGH WORKING POC
Linux Kernel 6.4-6.6.4 - Use-After-Free in io_uring Buffer Ring Registration
A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.
13 stars
CVSS 7.8
CVE-2024-5522 NOMISEC MEDIUM SCANNER
HTML5 Video Player < 2.5.27 - Unauthenticated SQL Injection via REST Route Parameter
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
10 stars
CVSS 6.5
CVE-2024-7029 NOMISEC HIGH WORKING POC
AVTECH AVM1203 Firmware < fullimg-1023-1007-1011-1009 - Unauthenticated OS Command Injection
Commands can be injected over the network and executed without authentication.
8 stars
CVSS 8.8
CVE-2024-4040 NOMISEC CRITICAL WORKING POC
CrushFTP < 10.7.1 - Unauthenticated Server-Side Template Injection
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
8 stars
CVSS 9.8
CVE-2022-46080 NOMISEC CRITICAL WORKING POC
Nexxt Nebula 1200-AC <15.03.06.60 - Auth Bypass, Command Injection
Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET.
8 stars
CVSS 9.8
CVE-2024-28116 NOMISEC HIGH WORKING POC
Grav < 1.7.45 - Authenticated Server-Side Template Injection
Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue.
7 stars
CVSS 8.8
CVE-2024-24919 NOMISEC HIGH SCANNER
Check Point Quantum Gateway - Information Disclosure
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
6 stars
CVSS 8.6
CVE-2023-40404 NOMISEC HIGH WORKING POC
macOS - Use-After-Free
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.
6 stars
CVSS 7.8
CVE-2022-45701 NOMISEC HIGH WORKING POC
Arris TG2482A Firmware <= 9.1.103GEM9 - Remote Code Execution via Ping Utility
Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.
5 stars
CVSS 8.8
CVE-2022-44149 NOMISEC HIGH STUB
Nexxt Amp300 ARN02304U8 RCE via Ping Feature JSON Host Field
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2.5045 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required
5 stars
CVSS 8.8
CVE-2024-44000 NOMISEC CRITICAL WORKING POC
LiteSpeed Cache < 6.5.0.1 - Unauthenticated Authentication Bypass via Insufficiently Protected Credentials
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.
4 stars
CVSS 9.8
CVE-2019-9193 NOMISEC HIGH WORKING POC
PostgreSQL 9.3-11.2 - Authenticated OS Command Injection via COPY TO/FROM PROGRAM
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
4 stars
CVSS 7.2
CVE-2017-7269 NOMISEC CRITICAL WORKING POC
Internet Information Services 6.0 - Remote Code Execution via WebDAV PROPFIND Request
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
4 stars
CVSS 9.8
CVE-2024-27198 NOMISEC CRITICAL WORKING POC
TeamCity < 2023.11.4 - Authentication Bypass
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
3 stars
CVSS 9.8
CVE-2022-2414 NOMISEC HIGH WORKING POC
Dogtag PKI - XML External Entity File Disclosure via Crafted HTTP Request
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
3 stars
CVSS 7.5
CVE-2020-15916 NOMISEC CRITICAL WORKING POC
Tenda AC15 AC1900 15.03.05.19 - OS Command Injection via lanIp Parameter
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter.
3 stars
CVSS 9.8
CVE-2019-9193 NOMISEC HIGH WORKING POC
PostgreSQL 9.3-11.2 - Authenticated OS Command Injection via COPY TO/FROM PROGRAM
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
CVSS 7.2
CVE-2020-15916 INTHEWILD CRITICAL WORKING POC
Tenda AC15 AC1900 15.03.05.19 - OS Command Injection via lanIp Parameter
goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter.
CVSS 9.8
CVE-2022-2414 INTHEWILD HIGH WORKING POC
Dogtag PKI - XML External Entity File Disclosure via Crafted HTTP Request
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
CVSS 7.5
CVE-2024-5522 INTHEWILD MEDIUM SCANNER
HTML5 Video Player < 2.5.27 - Unauthenticated SQL Injection via REST Route Parameter
The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a parameter from a REST route before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
CVSS 6.5
CVE-2024-7029 INTHEWILD HIGH WORKING POC
AVTECH AVM1203 Firmware < fullimg-1023-1007-1011-1009 - Unauthenticated OS Command Injection
Commands can be injected over the network and executed without authentication.
CVSS 8.8