securelayer7

6 exploits Active since Aug 2019
CVE-2024-38856 NOMISEC CRITICAL WORKING POC
Apache OFBiz forgotPassword/ProgramExport RCE
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).
48 stars
CVSS 9.8
CVE-2019-13143 NOMISEC CRITICAL WORKING POC
Shenzhen Dragon Brothers Fb50 Firmware - Improper Input Validation
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the lock. The user ID, name, and MAC address are trivially obtained from APIs found within the Android or iOS application. With only the MAC address of the lock, any attacker can transfer ownership of the lock from the current user, over to the attacker's account. Thus rendering the lock completely inaccessible to the current user.
16 stars
CVSS 9.8
CVE-2024-22263 NOMISEC HIGH SCANNER
Spring Cloud Data Flow - Path Traversal
Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization for upload path, a malicious user who has access to skipper server api can use a crafted upload request to write arbitrary file to any location on file system, may even compromises the server.
5 stars
CVSS 8.8
CVE-2023-26360 NOMISEC HIGH WORKING POC
Adobe ColdFusion <2018 Update 15, 2021 Update 5 - RCE
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
5 stars
CVSS 8.6
CVE-2024-38856 NOMISEC CRITICAL WORKING POC
Apache OFBiz forgotPassword/ProgramExport RCE
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).
1 stars
CVSS 9.8
CVE-2019-8805 NOMISEC HIGH WORKING POC
macOS Catalina <10.15.1 - Privilege Escalation
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Catalina 10.15.1. An application may be able to execute arbitrary code with system privileges.
1 stars
CVSS 7.8