mr-r3bot

4 exploits Active since Feb 2021
CVE-2021-22205 NOMISEC CRITICAL WORKING POC
Gitlab < 13.8.8 - Code Injection
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
182 stars
CVSS 10.0
CVE-2021-22205 NOMISEC CRITICAL WORKING POC
Gitlab < 13.8.8 - Code Injection
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
23 stars
CVSS 10.0
CVE-2022-29464 NOMISEC CRITICAL WORKING POC
WSO2 Arbitrary File Upload to RCE
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
2 stars
CVSS 9.8
CVE-2020-28653 NOMISEC CRITICAL WORKING POC
Zohocorp Manageengine Opmanager < 12.5 - Remote Code Execution
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
CVSS 9.8