ASkyeye

8 exploits Active since Dec 2018
CVE-2023-21839 NOMISEC HIGH WORKING POC
Oracle WebLogic Server <14.1.1.0.0 - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
114 stars
CVSS 7.5
CVE-2018-19320 NOMISEC HIGH WORKING POC
GIGABYTE APP Center <1.05.21 - Memory Corruption
The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC GURU II v2.08 exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.
20 stars
CVSS 7.8
CVE-2022-21894 NOMISEC MEDIUM WORKING POC
Microsoft Windows 10 - Incorrect Authorization
Secure Boot Security Feature Bypass Vulnerability
15 stars
CVSS 4.4
CVE-2023-0045 NOMISEC MEDIUM WORKING POC
prctl - Use After Free
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall.  The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96
3 stars
CVSS 4.7
CVE-2022-1966 NOMISEC WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
3 stars
CVE-2022-24934 NOMISEC CRITICAL WORKING POC
Wps Office < 11.2.0.10382 - Remote Code Execution
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.
1 stars
CVSS 9.8
CVE-2022-2588 NOMISEC MEDIUM WORKING POC
Linux kernel - Use After Free
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
1 stars
CVSS 5.3
CVE-2020-6418 NOMISEC HIGH NO CODE
Google Chrome <80.0.3987.122 - Heap Corruption
Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS 8.8