louiselalanne

7 exploits Active since Nov 2023
CVE-2023-50643 NOMISEC CRITICAL WRITEUP
Evernote for macOS 10.68.2 - Remote Code Execution via RunAsNode and enableNodeClilnspectArguments
An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components.
8 stars
CVSS 9.8
CVE-2023-49314 NOMISEC HIGH WRITEUP
Asana Desktop 2.1.0 - Code Injection
Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.
6 stars
CVSS 7.8
CVE-2023-49313 NOMISEC CRITICAL WORKING POC
XMachOViewer 0.04 - Unauthenticated Code Injection via Dylib Injection
A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive user data.
4 stars
CVSS 9.8
CVE-2024-23746 NOMISEC CRITICAL WRITEUP
Miro Desktop 0.8.18 - Local Code Injection via Electron App Bundle Manipulation
Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents).
3 stars
CVSS 9.8
CVE-2024-23745 NOMISEC CRITICAL WRITEUP
Notion Web Clipper 1.0.3(7) - Command Injection via Dirty NIB Attack
In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of arbitrary commands within the application's context. NOTE: the vendor's perspective is that this is simply an instance of CVE-2022-48505, cannot properly be categorized as a product-level vulnerability, and cannot have a product-level fix because it is about incorrect caching of file signatures on macOS.
2 stars
CVSS 9.8
CVE-2024-23747 NOMISEC HIGH WRITEUP
ModernaNet Hospital Management System 2024 - Insecure Direct Object Reference via Laudo ID Parameter
The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information.
CVSS 7.5
CVE-2023-50643 INTHEWILD CRITICAL WRITEUP
Evernote for macOS 10.68.2 - Remote Code Execution via RunAsNode and enableNodeClilnspectArguments
An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components.
CVSS 9.8