mrmtwoj

16 exploits Active since Feb 2023
CVE-2024-38477 GITHUB HIGH python SCANNER
Apache HTTP Server <2.4.60 - Null Pointer Dereference
null pointer dereference in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows an attacker to crash the server via a malicious request. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
123 stars
CVSS 7.5
CVE-2024-39573 GITHUB HIGH python SCANNER
Apache HTTP Server < 2.4.60 - Server-Side Request Forgery via mod_rewrite RewriteRule
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly setup URL's to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
123 stars
CVSS 7.5
CVE-2024-38473 GITHUB HIGH python SCANNER
Apache HTTP Server <2.4.60 - Open Redirect
Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
123 stars
CVSS 8.1
CVE-2024-38474 GITHUB CRITICAL python SCANNER
Apache HTTP Server < 2.4.60 - Script Execution via mod_rewrite Substitution Encoding Issue
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
123 stars
CVSS 9.8
CVE-2024-38475 GITHUB CRITICAL python SCANNER
Apache HTTP Server < 2.4.60 - Remote Code Execution via mod_rewrite Unsafe Substitution
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected.  Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
123 stars
CVSS 9.1
CVE-2024-38476 GITHUB CRITICAL python SCANNER
Apache HTTP Server <2.4.60 - Info Disclosure/SSRF
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
123 stars
CVSS 9.8
CVE-2024-38472 NOMISEC HIGH SCANNER
Apache HTTP Server 2.4.0-2.4.59 - Server-Side Request Forgery via UNC Path Handling
SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue.  Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.
123 stars
CVSS 7.5
CVE-2023-38709 NOMISEC HIGH SCANNER
Apache HTTP Server <= 2.4.58 - HTTP Response Splitting via Faulty Input Validation
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects Apache HTTP Server: through 2.4.58.
123 stars
CVSS 7.3
CVE-2024-38077 NOMISEC CRITICAL WORKING POC
Windows Remote Desktop Licensing Service - Remote Code Execution
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
16 stars
CVSS 9.8
CVE-2025-25257 NOMISEC CRITICAL WORKING POC
Fortinet FortiWeb - SQL Injection
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
5 stars
CVSS 9.8
CVE-2025-2005 NOMISEC CRITICAL WORKING POC
Front End Users <= 3.2.32 - Unauthenticated Arbitrary File Upload via Registration Form
The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
3 stars
CVSS 9.8
CVE-2025-25257 NOMISEC CRITICAL WORKING POC
Fortinet FortiWeb - SQL Injection
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
2 stars
CVSS 9.8
CVE-2023-25136 NOMISEC MEDIUM SCANNER
OpenSSH 9.1 - Unauthenticated Double Free in KEX Algorithms Handling
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
1 stars
CVSS 6.5
CVE-2026-31431 NOMISEC HIGH WRITEUP
crypto: algif_aead - Revert to operating out-of-place
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
CVSS 7.8
CVE-2025-55182 NOMISEC CRITICAL SCANNER
React Server Components <19.2.0 - RCE
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
CVSS 10.0
CVE-2024-6387 NOMISEC HIGH SCANNER
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CVSS 8.1