r0cky

8 exploits Active since Mar 2021
CVE-2021-22006 NOMISEC HIGH WORKING POC
vCenter Server - SSRF
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.
3 stars
CVSS 7.5
CVE-2021-22214 NOMISEC MEDIUM WORKING POC
GitLab < 13.10.5 - SSRF
When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting from 10.5 could be exploited by an unauthenticated attacker, even on a GitLab instance where registration is limited.
1 star
CVSS 6.8
CVE-2021-26084 NOMISEC CRITICAL WORKING POC
Atlassian Confluence Server and Data Center - OGNL Injection
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
1 star
CVSS 9.8
CVE-2021-21985 GITLAB CRITICAL WORKING POC
VMware vCenter Server < 3.10.2.1 - SSRF
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
CVSS 9.8
CVE-2021-26855 NOMISEC CRITICAL WORKING POC
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS 9.1
CVE-2021-29200 NOMISEC CRITICAL WORKING POC
Apache OFBiz < 17.12.07 - Insecure Deserialization
Apache OFBiz has unsafe deserialization prior to version 17.12.07. An unauthenticated user can perform an RCE attack.
CVSS 9.8
CVE-2021-26295 NOMISEC CRITICAL WORKING POC
Apache OFBiz SOAP Java Deserialization
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
CVSS 9.8
CVE-2021-22005 VULNCHECK_XDB CRITICAL WORKING POC
VMware Cloud Foundation < 5.0 - Path Traversal
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
CVSS 9.8