jasperla

2 exploits Active since May 2017

CVE-2020-11651 NOMISEC CRITICAL WORKING POC

SaltStack Salt <2019.2.4,3000.2 - RCE

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

121 stars

CVSS 9.8

View Code

CVE-2017-9101 NOMISEC CRITICAL WORKING POC

PlaySMS 1.4 - Remote Code Execution

import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.

14 stars

CVSS 9.8

View Code