skraft9

3 exploits, active since Apr 2025
CVE-2025-53392 NOMISEC MEDIUM WRITEUP
pfSense 2.8.0 - Authenticated Absolute Path Traversal via diag_command.php dlPath Parameter
In Netgate pfSense CE 2.8.0, the "WebCfg - Diagnostics: Command" privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier's perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.
14 stars
CVSS 5.0
CVE-2025-44823 NOMISEC CRITICAL WORKING POC
Nagios Log Server <2024R1.3.2 - Info Disclosure
Nagios Log Server before 2024R1.3.2 allows authenticated users to retrieve cleartext administrative API keys via a /nagioslogserver/index.php/api/system/get_users call. This is GL:NLS#475.
CVSS 9.9
CVE-2025-29471 NOMISEC HIGH WORKING POC
Nagios Log Server 2024R1.3.1 - Cross-Site Scripting via Email Field
A cross-site scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload in the Email field.
CVSS 8.3