shadofren

4 exploits Active since Jan 2017
CVE-2016-2555 NOMISEC CRITICAL WORKING POC
ATutor 2.2.1 - SQL Injection via searchFriends Function
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.
3 stars
CVSS 9.8
CVE-2016-4010 NOMISEC CRITICAL WORKING POC
Magento < 2.0.6 - Unauthenticated PHP Object Injection via Serialized Shopping Cart Data
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
2 stars
CVSS 9.8
CVE-2018-6574 NOMISEC HIGH TROJAN
Go < 1.8.6 - Code Injection
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
CVSS 7.8
CVE-2013-3214 NOMISEC CRITICAL WORKING POC
vtiger CRM < 5.4.0 - PHP Code Injection via vtigerolservice.php
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
CVSS 9.8