shadofren

4 exploits, active since Jan 2017
CVE-2016-2555 NOMISEC CRITICAL WORKING POC
Atutor - SQL Injection
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.
3 stars
CVSS 9.8
CVE-2016-4010 NOMISEC CRITICAL WORKING POC
Magento <2.0.6 - Code Injection
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
2 stars
CVSS 9.8
CVE-2018-6574 NOMISEC HIGH TROJAN
Go < 1.8.6 - Code Injection
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
CVSS 7.8
CVE-2013-3214 NOMISEC CRITICAL WORKING POC
vtiger CRM <5.4.0 - Code Injection
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
CVSS 9.8