kevthehermit

2 exploits Active since Mar 2020
CVE-2020-10560 NOMISEC MEDIUM WORKING POC
Open Source Social Network < 5.3 - Arbitrary File Read via Weak PRNG in SiteKey
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.
8 stars
CVSS 5.9
CVE-2020-11651 NOMISEC CRITICAL WORKING POC
SaltStack Salt <2019.2.4,3000.2 - RCE
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
6 stars
CVSS 9.8