Axel '0vercl0k' Souchet - Security Researcher - Exploit Intelligence Platform

CVE-2021-31166 NOMISEC CRITICAL WORKING POC

Windows IIS HTTP Protocol Stack DOS

HTTP Protocol Stack Remote Code Execution Vulnerability

829 stars

CVSS 9.8

View Code

CVE-2019-11708 NOMISEC CRITICAL WORKING POC

Firefox ESR < 60.7.2, Firefox < 67.0.4, Thunderbird < 60.7.2 - RCE

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.

623 stars

CVSS 10.0

View Code

CVE-2021-24086 NOMISEC HIGH WORKING POC

Windows - Denial of Service via TCP/IP

Windows TCP/IP Denial of Service Vulnerability

235 stars

CVSS 7.5

View Code

CVE-2021-28476 NOMISEC CRITICAL WORKING POC

Windows Hyper-V - Remote Code Execution

Windows Hyper-V Remote Code Execution Vulnerability

226 stars

CVSS 9.9

View Code

CVE-2021-31166 GITHUB CRITICAL python WORKING POC

Windows IIS HTTP Protocol Stack DOS

HTTP Protocol Stack Remote Code Execution Vulnerability

6 stars

CVSS 9.8

View Code

CVE-2021-24086 NOMISEC HIGH WORKING POC

Windows - Denial of Service via TCP/IP

Windows TCP/IP Denial of Service Vulnerability

1 stars

CVSS 7.5

View Code

CVE-2021-31166 GITLAB CRITICAL WORKING POC

Windows IIS HTTP Protocol Stack DOS

HTTP Protocol Stack Remote Code Execution Vulnerability

CVSS 9.8

View Code

CVE-2021-31166 GITLAB CRITICAL WORKING POC

Windows IIS HTTP Protocol Stack DOS

HTTP Protocol Stack Remote Code Execution Vulnerability

CVSS 9.8

View Code

CVE-2021-28476 GITLAB CRITICAL WORKING POC

Windows Hyper-V - Remote Code Execution

Windows Hyper-V Remote Code Execution Vulnerability

CVSS 9.9

View Code

CVE-2019-9810 VULNCHECK_XDB HIGH WORKING POC

Firefox < 66.0.1 and ESR < 60.6.1 - Memory Corruption via IonMonkey JIT Compiler

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.

CVSS 8.8

View Code

CVE-2021-31166 PATCHAPALOOZA CRITICAL WORKING POC

Windows IIS HTTP Protocol Stack DOS

HTTP Protocol Stack Remote Code Execution Vulnerability

CVSS 9.8

View Code

CVE-2021-31166 PATCHAPALOOZA CRITICAL WORKING POC

Windows IIS HTTP Protocol Stack DOS

HTTP Protocol Stack Remote Code Execution Vulnerability

CVSS 9.8

View Code

CVE-2021-31166 PATCHAPALOOZA CRITICAL WORKING POC

Windows IIS HTTP Protocol Stack DOS

HTTP Protocol Stack Remote Code Execution Vulnerability

CVSS 9.8

View Code

CVE-2019-11708 EXPLOITDB CRITICAL javascript WORKING POC

Firefox ESR < 60.7.2, Firefox < 67.0.4, Thunderbird < 60.7.2 - RCE

Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.

CVSS 10.0

View Code

CVE-2019-9810 EXPLOITDB HIGH javascript WORKING POC

Firefox < 66.0.1 and ESR < 60.6.1 - Memory Corruption via IonMonkey JIT Compiler

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.

CVSS 8.8

View Code

CVE-2019-1184 EXPLOITDB MEDIUM WORKING POC

Windows Core Shell COM Server Registrar - Privilege Escalation

An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting unprotected COM calls.

CVSS 6.7

View Code