overgrowncarrot1

8 exploits Active since Mar 2019
CVE-2023-34152 NOMISEC CRITICAL WORKING POC
ImageMagick - Remote Code Execution via OpenBlob Pipe Handling
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
10 stars
CVSS 9.8
CVE-2023-24078 NOMISEC HIGH WORKING POC
FuguHub < 8.1 - Remote Code Execution via CMS Docs Component
Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/.
7 stars
CVSS 8.8
CVE-2023-27163 NOMISEC MEDIUM WORKING POC
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
2 stars
CVSS 6.5
CVE-2023-0297 NOMISEC CRITICAL WORKING POC
pyLoad js2py Python Execution
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
1 stars
CVSS 9.8
CVE-2019-1003030 NOMISEC CRITICAL WORKING POC
Jenkins Pipeline: Groovy Plugin <2.63 - RCE
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShell.java that allows attackers able to control pipeline scripts to execute arbitrary code on the Jenkins master JVM.
1 stars
CVSS 9.9
CVE-2023-27163 NOMISEC MEDIUM WORKING POC
request-baskets < 1.2.1 - Server-Side Request Forgery via /api/baskets/{name} Endpoint
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
CVSS 6.5
CVE-2021-22911 NOMISEC CRITICAL WORKING POC
Rocket.Chat 3.11-3.13 - Unauthenticated NoSQL Injection and Remote Code Execution
A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.
CVSS 9.8
CVE-2021-22205 NOMISEC CRITICAL WORKING POC
GitLab 11.9.0-13.8.7 - Unauthenticated Remote Code Execution via ExifTool Image Parsing
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
CVSS 10.0