1stPeak

3 exploits Active since Aug 2018
CVE-2020-0796 NOMISEC CRITICAL SCANNER
Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
1 stars
CVSS 10.0
CVE-2019-2725 NOMISEC CRITICAL
Oracle WebLogic Server 10.3.6.0.0 and 12.1.3.0.0 - Unauthenticated Remote Code Execution via HTTP
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS 9.8
CVE-2018-15473 NOMISEC MEDIUM WORKING POC
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
CVSS 5.3