Posts
Fatih's Blog

Missing IP Address Control in isPublic() Function Leads to SSRF Bypass PoC

Software: NPM - Ip Package Vulnerability: Missing IP Address Control CVE: CVE-2023-42282 Discoverer: Fatih Çelik & Emre Durmaz Description of the product: IP address utilities for node....

Deserialization of Untrusted Data in pytorch-lightning

Software: https://github.com/pytorchlightning/pytorch-lightning Vulnerability: Insecure Yaml Deserialization CVE: CVE-2021-4118 Description of the product: Lightning disentangles PyTorch c...

NULL Pointer Dereference | Deark

Software: https://github.com/jsummers/deark/ Version: 1.5.7-1 Vulnerability: NULL Pointer Dereference CVE: CVE-2021-28855 Description of the product: A utility for file format and metadata ...

Division By Zero | Deark

Version: 1.5.7-1 Bug: Division by Zero CVE: CVE-2021-28856 Description of the product: A utility for file format and metadata analysis, data extraction, decompression, and image format decod...

Group Office CRM | Stored XSS via SVG File

Software: https://sourceforge.net/projects/group-office/ Version: 6.4.196 Vulnerability: Cross Site Scripting CVE: CVE-2020-35418 && CVE-2020-35419 Description of the product: Group...

Group Office CRM | SSRF

Software: https://sourceforge.net/projects/group-office/ Version: 6.4.196 Vulnerability: SSRF CVE: CVE-2021-28060 Description of the product: Group Office is an open source groupware applic...

Sentrifugo 3.2 | SQLi [employeeNumId] parameter | CVE-2020-26805

Software: https://sourceforge.net/projects/sentrifugo/ Version: 3.2 Vulnerability: Unrestricted File Upload CVE: CVE-2020-26805 Sentrifugo is a FREE and powerful Human Resource Management Sy...

Sentrifugo 3.2 | RCE [Authenticated] (assets) | CVE-2020-26803

Software: https://sourceforge.net/projects/sentrifugo/ Version: 3.2 Vulnerability: Unrestricted File Upload CVE: CVE-2020-26803 Exploit-DB: https://www.exploit-db.com/exploits/48997 Sentrif...

Sentrifugo 3.2 | RCE [Authenticated] (announcements) | CVE-2020-26804

Software: https://sourceforge.net/projects/sentrifugo/ Version: 3.2 Vulnerability: Unrestricted File Upload CVE: CVE-2020-26804 Exploit-DB: https://www.exploit-db.com/exploits/48998 Sentrif...

CMSUno 1.6.2 | RCE [Authenticated] (password.php) | CVE-2020-25557

Vendor: https://github.com/boiteasite/cmsuno/ Version: 1.6.2 Vulnerability: Code Injection CVE: CVE-2020-25557 Exploit-DB: https://www.exploit-db.com/exploits/49031 Analysis If you read my othe...