zxj-hub

2 exploits Active since Aug 2024
CVE-2024-7954 NOMISEC CRITICAL WRITEUP
SPIP porte_plume - Unauthenticated PHP Code Execution
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
CVSS 9.8
CVE-2024-41713 NOMISEC CRITICAL WORKING POC
Mitel MiCollab < 9.8.1.201 - Unauthenticated Path Traversal in NuPoint Unified Messaging
A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP1 FP2 (9.8.1.201) could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.
CVSS 9.1