r0lh

4 exploits Active since Mar 2018
CVE-2020-7247 NOMISEC CRITICAL WORKING POC
OpenSMTPD 6.6 - Remote Code Execution via MAIL FROM Field
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
5 stars
CVSS 9.8
CVE-2019-8449 NOMISEC MEDIUM WORKING POC
Jira < 8.4.0 - Information Disclosure via Group User Picker Endpoint
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.
2 stars
CVSS 5.3
CVE-2022-1026 NOMISEC HIGH WORKING POC
Kyocera Net Viewer < 2s0_1000.005.0012s5_2000.002.505 - Unprotected User Data Exposure via Address Book Export
Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address book export function.
CVSS 8.6
CVE-2018-7600 NOMISEC CRITICAL WORKING POC
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
CVSS 9.8