jet-pentest

20 exploits Active since Aug 2020
CVE-2023-31779 NOMISEC MEDIUM WRITEUP
Wekan < 6.84 - Authenticated Stored Cross-Site Scripting via Reaction to Comment Feature
Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature.
1 stars
CVSS 5.4
CVE-2022-39838 NOMISEC HIGH WORKING POC
Systematic FIX Adapter Firmware 2.4.0.25 - Path Traversal via UNC Share Pathname
Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames.
1 stars
CVSS 8.6
CVE-2021-3395 NOMISEC MEDIUM WRITEUP
Pryaniki 6.44.3 - Authenticated Stored Cross-Site Scripting via File Upload
A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment.
1 stars
CVSS 5.4
CVE-2021-42261 NOMISEC HIGH WRITEUP
Revisor Video Management System < 2.0.0 - Path Traversal
Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server.
1 stars
CVSS 7.5
CVE-2021-27187 NOMISEC HIGH WRITEUP
Sovremennye Delovye Tekhnologii FX Aggregator Terminal Client 1 - Cleartext Password Storage
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 stores authentication credentials in cleartext in login.sav when the Save Password box is checked.
1 stars
CVSS 7.5
CVE-2021-27188 NOMISEC HIGH WRITEUP
Sovremennye Delovye Tekhnologii FX Aggregator Terminal Client 1 - DoS via Excessive Authentication Attempts
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a denial of service (access suspended for five hours) by making five invalid login attempts to a victim's account.
1 stars
CVSS 7.5
CVE-2021-3130 NOMISEC MEDIUM WRITEUP
Open-AudIT <3.5.3 - Info Disclosure
Within the Open-AudIT up to version 3.5.3 application, the web interface hides SSH secrets, Windows passwords, and SNMP strings from users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible.
1 stars
CVSS 5.9
CVE-2021-3131 NOMISEC HIGH WRITEUP
1C:Enterprise 8 < 8.3.17.1851 - Inadequate Encryption Strength via Base64 Credential Exposure
The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter.
1 stars
CVSS 7.5
CVE-2020-29667 NOMISEC CRITICAL WRITEUP
Lan ATMService M3 ATM Monitoring System 6.1.0 - Info Disclosure
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.
1 stars
CVSS 9.8
CVE-2020-27747 NOMISEC MEDIUM WRITEUP
Click Studios Passwordstate 8.9 Build 8973 - Unauthenticated Brute Force Attack via Mobile PIN Code
An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973).If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As result, remote attacker retrieves all passwords from another systems, available for affected account.
1 stars
CVSS 6.8
CVE-2020-28414 NOMISEC MEDIUM WRITEUP
TranzWare Payment Gateway 3.1.12.3.2 - Unauthenticated Reflected Cross-Site Scripting via Crafted URL
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url (different vector than CVE-2020-28415).
1 stars
CVSS 6.1
CVE-2020-28415 NOMISEC MEDIUM WRITEUP
TranzWare Payment Gateway 3.1.12.3.2 - Unauthenticated Reflected Cross-Site Scripting via Crafted URL
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url (different vector than CVE-2020-28414).
1 stars
CVSS 6.1
CVE-2020-29666 NOMISEC MEDIUM WRITEUP
Lan ATMService M3 ATM Monitoring System 6.1.0 - Info Disclosure
In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.
1 stars
CVSS 5.3
CVE-2020-24032 NOMISEC CRITICAL WRITEUP
LPAR2RRD/STOR2RRD 2.70 - Command Injection
tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.
1 stars
CVSS 9.8
CVE-2020-25747 NOMISEC CRITICAL WRITEUP
Rubetek RV-3406, RV-3409, and RV-3411 Firmware v339, v342 - Unauthenticated Access to RTSP and ONFIV Services
The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.
1 stars
CVSS 9.4
CVE-2020-25748 NOMISEC HIGH WRITEUP
Rubetek RV-3406, RV-3409, and RV-3411 Firmware v342, v339 - Cleartext Transmission of Sensitive Information
A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values.
1 stars
CVSS 8.1
CVE-2020-25749 NOMISEC CRITICAL WRITEUP
Rubetek RV-3406, RV-3409, RV-3411 Firmware v339, v342 - Use of Hard-coded Credentials in Telnet Service
The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality.
1 stars
CVSS 9.8
CVE-2024-25175 NOMISEC MEDIUM WRITEUP
kickdler < 1.107.0 - Cross-Site Scripting via HTTP Response Splitting
An issue in Kickdler before v1.107.0 allows attackers to provide an XSS payload via a HTTP response splitting attack.
CVSS 6.1
CVE-2023-45966 NOMISEC HIGH WRITEUP
remark42 < 1.12.1 - Server-Side Request Forgery via Newsletter Import URL Parameter
umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.
CVSS 7.5
CVE-2022-24449 NOMISEC CRITICAL WRITEUP
Solar appScreener <= 3.10.4 - XML External Entity Injection and Server-Side Request Forgery via Crafted XML Document
Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document.
CVSS 9.8