hacker1337itme

4 exploits Active since May 2006
CVE-2025-66866 NOMISEC HIGH WORKING POC
BinUtils 2.26 - Denial of Service via Crafted PE File in d_abi_tags Function
An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
CVSS 7.5
CVE-2026-1311 NOMISEC HIGH WORKING POC
Worry Proof Backup Plugin <0.2.4 - Path Traversal
The Worry Proof Backup plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 0.2.4 via the backup upload functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload a malicious ZIP archive with path traversal sequences to write arbitrary files anywhere on the server, including executable PHP files. This can lead to remote code execution.
CVSS 8.8
CVE-2026-27097 NOMISEC HIGH WORKING POC
CasaMia Theme <=1.1.2 - PHP Local File Inclusion
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme casamia allows PHP Local File Inclusion.This issue affects CasaMia | Property Rental Real Estate WordPress Theme: from n/a through <= 1.1.2.
CVSS 8.1
CVE-2006-2369 NOMISEC WORKING POC
RealVNC 4.1.1 - Unauthenticated Authentication Bypass via Insecure Security Type
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.