l00neyhacker

19 exploits Active since May 2021
CVE-2021-31702 WRITEUP HIGH WORKING POC
Frontiersoftware Ichris < 5.18 - Denial of Service
Frontier ichris through 5.18 mishandles making a DNS request for the hostname in the HTTP Host header, as demonstrated by submitting 127.0.0.1 multiple times for DoS.
CVSS 7.5
CVE-2021-31703 WRITEUP CRITICAL WRITEUP
Frontiersoftware Ichris < 5.18 - Unrestricted File Upload
Frontier ichris through 5.18 allows users to upload malicious executable files that might later be downloaded and run by any client user.
CVSS 9.8
CVE-2021-32202 WRITEUP MEDIUM STUB
Cs-cart - XSS
In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" field in the blog post creation page.
CVSS 6.1
CVE-2021-36581 WRITEUP CRITICAL WRITEUP
Kooboo CMS 2.1.1.0 - Code Injection
Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possible to upload any file extension to the server. The server does not verify the extension of the file and the tester was able to upload an aspx to the server.
CVSS 9.8
CVE-2021-36582 WRITEUP CRITICAL SUSPICIOUS
Kooboo CMS 2.1.1.0 - Command Injection
In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL.
CVSS 9.8
CVE-2021-40649 WRITEUP MEDIUM WRITEUP
Connx <6.2.0.1269 - Info Disclosure
In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set.
CVSS 6.5
CVE-2021-40650 WRITEUP MEDIUM WRITEUP
Connx <6.2.0.1269 - Info Disclosure
In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set.
CVSS 6.5
CVE-2022-26155 WRITEUP MEDIUM STUB
Cherwell Service Mgmt <10.2.3 - XSS
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. XSS can occur via a payload in the SAMLResponse parameter of the HTTP request body.
CVSS 6.1
CVE-2022-26156 WRITEUP MEDIUM WRITEUP
Cherwell Service Management (CSM) 10.2.3 - Command Injection
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker's server.
CVSS 6.1
CVE-2022-26157 WRITEUP MEDIUM WRITEUP
Cherwell Service Mgmt <10.2.3 - Info Disclosure
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. The ASP.NET_Sessionid cookie is not protected by the Secure flag. This makes it prone to interception by an attacker if traffic is sent over unencrypted channels.
CVSS 5.3
CVE-2022-26158 WRITEUP MEDIUM WRITEUP
Cherwell Service Mgmt <10.2.3 - Open Redirect
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page.
CVSS 6.1
CVE-2022-47715 WRITEUP MEDIUM WRITEUP
Lastyard Last Yard - Missing Encryption
In Last Yard 22.09.8-1, the cookie can be stolen via unencrypted traffic.
CVSS 5.3
CVE-2022-47717 WRITEUP HIGH WRITEUP
Lastyard Last Yard - Permissive CORS Policy
Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS).
CVSS 7.5
CVE-2023-23126 WRITEUP MEDIUM WRITEUP
Connectwise Automate 2022.11 - CSRF
Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-Security-Policy HTTP response header is present to block this attack.
CVSS 6.1
CVE-2023-23127 WRITEUP MEDIUM STUB
Connectwise - Missing Encryption
In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers and therefore does not enforce HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting.
CVSS 5.3
CVE-2023-23128 WRITEUP MEDIUM STUB
Connectwise - Permissive CORS Policy
Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid.
CVSS 6.1
CVE-2023-23130 WRITEUP MEDIUM WRITEUP
Connectwise Automate - Cleartext Transmission
Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Authentication is being done via HTTP (cleartext) with SSL disabled. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS) during troubleshooting.
CVSS 5.9
CVE-2023-23131 WRITEUP HIGH WRITEUP
Selfwealth - Improper Certificate Validation
Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings.
CVSS 7.5
CVE-2023-23132 WRITEUP HIGH WRITEUP
Selfwealth - Hard-coded Credentials
Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys.
CVSS 7.5