CCIEVoice2009

3 exploits Active since Oct 2023
CVE-2024-49112 NOMISEC CRITICAL WORKING POC
Windows LDAP - Remote Code Execution via Integer Overflow
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
3 stars
CVSS 9.8
CVE-2024-1086 NOMISEC HIGH WORKING POC
Linux Kernel 3.15-5.15.149 - Use-After-Free in nf_tables Component
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.
CVSS 7.8
CVE-2023-46604 NOMISEC CRITICAL WORKING POC
Java OpenWire - Deserialization RCE
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
CVSS 10.0