rabbitsafe

3 exploits Active since Jan 2021
CVE-2021-36260 NOMISEC CRITICAL WORKING POC
Hikvision IP Camera Unauthenticated Command Injection
A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
16 stars
CVSS 9.8
CVE-2021-2109 NOMISEC HIGH WORKING POC
Oracle WebLogic Server <14.1.1.0.0 - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
9 stars
CVSS 7.2
CVE-2021-37580 NOMISEC CRITICAL WORKING POC
Apache Shenyu < 2.4.1 - Authentication Bypass
A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0
4 stars
CVSS 9.8