lowkey0808

4 exploits Active since Sep 2020
CVE-2021-32849 NOMISEC HIGH WORKING POC
gerapy < 0.9.9 - Authenticated OS Command Injection
Gerapy is a distributed crawler management framework. Prior to version 0.9.9, an authenticated user could execute arbitrary commands. This issue is fixed in version 0.9.9. There are no known workarounds.
1 stars
CVSS 8.8
CVE-2021-43857 NOMISEC CRITICAL WORKING POC
Gerapy < 0.9.8 - Remote Code Execution
Gerapy is a distributed crawler management framework. Gerapy prior to version 0.9.8 is vulnerable to remote code execution, and this issue is patched in version 0.9.8.
1 stars
CVSS 9.8
CVE-2022-29464 NOMISEC CRITICAL WORKING POC
WSO2 Arbitrary File Upload to RCE
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
CVSS 9.8
CVE-2020-25540 NOMISEC HIGH WORKING POC
ThinkAdmin v6 - Unauthenticated Path Traversal via GET Request Encode Parameter
ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.
CVSS 7.5