vakzz

7 exploits Active since Jul 2017
CVE-2017-11519 NOMISEC CRITICAL WORKING POC
TP-Link Archer C9(UN) - Privilege Escalation
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.
3 stars
CVSS 9.8
CVE-2020-13286 WRITEUP MEDIUM WRITEUP
GitLab <13.0.12-13.2.3 - SSRF
For GitLab before 13.0.12, 13.1.6, 13.2.3, user-controlled git configuration settings can be modified to result in Server Side Request Forgery.
CVSS 6.4
CVE-2020-13338 WRITEUP MEDIUM WRITEUP
GitLab <12.10.13, 13.0.8, 13.1.2 - XSS
An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references.
CVSS 5.4
CVE-2020-26407 WRITEUP MEDIUM WRITEUP
GitLab CE/EE <13.4.7-<13.6.2 - XSS
An XSS vulnerability exists in GitLab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting against other users via importing a malicious project.
CVSS 5.5
CVE-2022-0741 WRITEUP MEDIUM WRITEUP
GitLab CE/EE - Info Disclosure
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses.
CVSS 5.8
CVE-2022-3066 WRITEUP MEDIUM WRITEUP
GitLab <15.2.5-15.4.1 - Info Disclosure
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project.
CVSS 5.4
CVE-2022-3067 WRITEUP MEDIUM WRITEUP
GitLab CE/EE <15.2.5-15.4.1 - Info Disclosure
An issue has been discovered in the Import functionality of GitLab CE/EE affecting all versions starting from 14.4 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an authenticated user to read arbitrary projects' content given the project's ID.
CVSS 6.5