krastanoel - Security Researcher - Exploit Intelligence Platform

CVE-2022-29806 NOMISEC CRITICAL WORKING POC

ZoneMinder < 1.36.13 - Remote Code Execution via Invalid Language Setting

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.

3 stars

CVSS 9.8

View Code

CVE-2020-36939 METASPLOIT HIGH ruby WORKING POC

Cassandra Web 0.5.0 - Path Traversal

Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disabled Rack::Protection module to read sensitive system files like /etc/passwd and retrieve Apache Cassandra database credentials.

CVSS 7.5

View Code

CVE-2022-30781 METASPLOIT HIGH ruby WORKING POC

Gitea < 1.16.7 - Remote Code Execution via Git Fetch Remote

Gitea before 1.16.7 does not escape git fetch remote.

CVSS 7.5

View Code

CVE-2022-29806 METASPLOIT CRITICAL ruby WORKING POC

ZoneMinder < 1.36.13 - Remote Code Execution via Invalid Language Setting

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.

CVSS 9.8

View Code

CVE-2022-30781 EXPLOITDB HIGH ruby WORKING POC

Gitea < 1.16.7 - Remote Code Execution via Git Fetch Remote

Gitea before 1.16.7 does not escape git fetch remote.

CVSS 7.5

View Code