stealthcopter

3 exploits Active since Feb 2021
CVE-2020-28243 NOMISEC HIGH WORKING POC
Salt < 2015.8.10 - Command Injection
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory.
18 stars
CVSS 7.8
CVE-2024-6386 NOMISEC CRITICAL WRITEUP
WPML <4.6.12 - RCE
The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
CVSS 9.9
CVE-2024-50477 EXPLOITDB CRITICAL text WORKING POC
Stacksmarket Stacks Mobile App Builder - Missing Authentication
Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass. This issue affects Stacks Mobile App Builder: from n/a through <= 5.2.3.
CVSS 9.8