mechanico

2 exploits Active since Mar 2018

CVE-2018-7171 NOMISEC HIGH WORKING POC

Twonky Server 7.0.11-8.5 - Directory Traversal via contentbase Parameter

Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all.

11 stars

CVSS 7.5

View Code

CVE-2018-9160 NOMISEC CRITICAL WORKING POC

SickRage < 2018.03.09-1 - Unprotected Credential Exposure via HTTP Response

SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.

CVSS 9.8

View Code