momo1239

4 exploits Active since May 2024
CVE-2024-9463 NOMISEC HIGH WORKING POC
Palo Alto Networks Expedition 1.2.0-1.2.95 - Unauthenticated OS Command Injection
An OS command injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
1 stars
CVSS 7.5
CVE-2024-35333 NOMISEC HIGH WRITEUP
html2xhtml 1.3 - Stack-based Buffer Overflow in read_charset_decl
A stack-buffer-overflow vulnerability exists in the read_charset_decl function of html2xhtml 1.3. This vulnerability occurs due to improper bounds checking when copying data into a fixed-size stack buffer. An attacker can exploit this vulnerability by providing a specially crafted input to the vulnerable function, causing a buffer overflow and potentially leading to arbitrary code execution, denial of service, or data corruption.
CVSS 8.4
CVE-2023-24203 NOMISEC MEDIUM WRITEUP
Simple Customer Relationship Management System 1.0 - Cross-Site Scripting via Company or Query Parameter
A cross-site scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows an attacker to execute arbitrary code via the company or query parameter(s).
CVSS 5.4
CVE-2023-24204 WRITEUP MEDIUM WRITEUP
SourceCodester Simple CRM 1.0 - SQL Injection via name Parameter
A SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows an attacker to execute arbitrary code via the name parameter in get-quote.php.
CVSS 5.4