p33d

11 exploits Active since Feb 2024
CVE-2024-45519 NOMISEC CRITICAL WORKING POC
Zimbra Collaboration <8.8.15-9.0.0-10.0.9-10.1.1 - Command Injection
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
42 stars
CVSS 10.0
CVE-2024-23113 NOMISEC CRITICAL SCANNER
Fortinet FortiOS/FortiProxy/FortiPAM/FortiSwitchManager Format String Vulnerability via Crafted Packets
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
10 stars
CVSS 9.8
CVE-2024-43917 NOMISEC CRITICAL WORKING POC
WordPress TI WooCommerce Wishlist SQL Injection (CVE-2024-43917)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TemplateInvaders TI WooCommerce Wishlist allows SQL Injection.This issue affects TI WooCommerce Wishlist: from n/a through 2.8.2.
8 stars
CVSS 9.3
CVE-2024-9441 NOMISEC CRITICAL WORKING POC
Linear eMerge e3-Series <1.00-07 - Command Injection
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.
6 stars
CVSS 9.8
CVE-2024-43363 NOMISEC HIGH WORKING POC
Cacti < 1.2.28 - Authenticated Remote Code Execution via Log Poisoning
Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
4 stars
CVSS 7.2
CVE-2024-9464 GITHUB MEDIUM
Palo Alto Networks Expedition 1.2.0-1.2.95 - Authenticated OS Command Injection
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
CVSS 6.5
CVE-2025-1323 NOMISEC HIGH WORKING POC
WP-Recall < 16.26.10 - Unauthenticated SQL Injection via Databeat Parameter
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the 'databeat' parameter in all versions up to, and including, 16.26.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS 7.5
CVE-2024-5910 NOMISEC CRITICAL
Palo Alto Expedition Remote Code Execution (CVE-2024-5910 and CVE-2024-9464)
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.
CVSS 9.8
CVE-2024-8275 NOMISEC CRITICAL WORKING POC
The Events Calendar <6.6.4 - SQL Injection
The The Events Calendar plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'tribe_has_next_event' function in all versions up to, and including, 6.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Only sites that have manually added tribe_has_next_event() will be vulnerable to this SQL injection.
CVSS 9.8
CVE-2024-38063 NOMISEC CRITICAL
Windows TCP/IP - Remote Code Execution
Windows TCP/IP Remote Code Execution Vulnerability
CVSS 9.8
CVE-2023-25581 NOMISEC CRITICAL WORKING POC
pac4j-core < 4.0.0 - Remote Code Execution via Java Deserialization with {#sb64} Prefix
pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from pac4j-core. It can be exploited by providing an attribute that contains a serialized Java object with a special prefix `{#sb64}` and Base64 encoding. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place, that puts some restriction on what classes can be deserialized, it still allows a broad range of java packages and potentially exploitable with different gadget chains. pac4j versions 4.0.0 and greater are not affected by this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.