vakzz

9 exploits Active since Jul 2017
CVE-2017-11519 NOMISEC CRITICAL WORKING POC
TP-Link Archer C9(UN) - Privilege Escalation
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.
3 stars
CVSS 9.8
CVE-2021-22204 WRITEUP MEDIUM WRITEUP
GitLab Unauthenticated Remote ExifTool Command Injection
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
CVSS 6.8
CVE-2022-2992 WRITEUP CRITICAL WRITEUP
GitLab GitHub Repo Import Deserialization RCE
A vulnerability in GitLab CE/EE affecting all versions from 11.10 prior to 15.1.6, 15.2 to 15.2.4, 15.3 to 15.3.2 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint.
CVSS 9.9
CVE-2020-13286 WRITEUP MEDIUM WRITEUP
GitLab 12.7.0-13.0.11 - Server-Side Request Forgery via Git Configuration Settings
For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configuration settings can be modified to result in Server Side Request Forgery.
CVSS 6.4
CVE-2020-13338 WRITEUP MEDIUM WRITEUP
GitLab <12.10.13, 13.0.8, 13.1.2 - XSS
An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references.
CVSS 5.4
CVE-2020-26407 WRITEUP MEDIUM WRITEUP
GitLab 12.4-13.4.6, 13.5-13.5.4, 13.6-13.6.1 - Stored Cross-Site Scripting via Malicious Project Import
A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project
CVSS 5.5
CVE-2022-0741 WRITEUP MEDIUM WRITEUP
GitLab 10.0.0-14.6.5 - Environment Variable Exposure via Sendmail Email Address Injection
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.
CVSS 5.8
CVE-2022-3066 WRITEUP MEDIUM WRITEUP
GitLab <15.2.5-15.4.1 - Info Disclosure
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project.
CVSS 5.4
CVE-2022-3067 WRITEUP MEDIUM WRITEUP
GitLab CE/EE <15.2.5-15.4.1 - Info Disclosure
An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID.
CVSS 6.5