pswalia2u

3 exploits Active since Feb 2018
CVE-2020-7246 NOMISEC HIGH WORKING POC
Qdpm < 9.1 - Path Traversal
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884.
1 stars
CVSS 8.8
CVE-2025-24071 NOMISEC MEDIUM WORKING POC
Microsoft Windows 10 1507 < 10.0.10240.20947 - Information Disclosure
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
CVSS 6.5
CVE-2018-6574 NOMISEC HIGH WORKING POC
GO < 1.8.6 - Code Injection
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
CVSS 7.8