nikhil1232

6 exploits Active since May 2018
CVE-2020-7384 NOMISEC HIGH WORKING POC
Metasploit < 4.19.0 - Command Injection via Malicious APK File
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
10 stars
CVSS 7.0
CVE-2018-10933 NOMISEC CRITICAL WORKING POC
libssh Authentication Bypass Scanner
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
6 stars
CVSS 9.1
CVE-2020-7384 NOMISEC HIGH WORKING POC
Metasploit < 4.19.0 - Command Injection via Malicious APK File
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
CVSS 7.0
CVE-2018-11471 WRITEUP MEDIUM SUSPICIOUS
Cockpit 0.5.5 - Stored Cross-Site Scripting via Collection, Form, or Region
Cockpit 0.5.5 has XSS via a collection, form, or region.
CVSS 5.4
CVE-2018-11472 WRITEUP MEDIUM STUB
Monstra CMS 3.0.4 - Reflected Cross-Site Scripting via Login Parameter
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
CVSS 6.1
CVE-2018-11473 WRITEUP MEDIUM STUB
Monstra CMS 3.0.4 - Cross-Site Scripting via Registration Form Login Parameter
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
CVSS 6.1