patrickhener

3 exploits, active since Jul 2020
CVE-2020-14293 NOMISEC HIGH WORKING POC
Secudos Domos < 5.8 - OS Command Injection
conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface).
1 star
CVSS 7.5
CVE-2020-14294 NOMISEC MEDIUM WRITEUP
Secudos Qiata Fta < 1.70.19 - XSS
An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board.
CVSS 6.1
CVE-2020-15492 NOMISEC CRITICAL WORKING POC
Inneo Startup Tools < 13.0.70.3804 - Path Traversal
An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sut_srv.exe web application (served on TCP port 85) includes user input into a filesystem access without any further validation. This might allow an unauthenticated attacker to read files on the server via Directory Traversal, or possibly have unspecified other impact.
CVSS 9.8