Connor McGarr

5 exploits Active since Jan 2019
CVE-2020-1350 NOMISEC CRITICAL WORKING POC
Microsoft Windows Server 2008 - Improper Input Validation
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
11 stars
CVSS 10.0
CVE-2019-0567 NOMISEC HIGH WORKING POC
Microsoft Edge - Memory Corruption
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568.
CVSS 7.5
CVE-2019-25612 EXPLOITDB HIGH python WORKING POC
Admin Express 1.2.5.485 Local SEH Buffer Overflow via Folder Path
Admin Express 1.2.5.485 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an alphanumeric encoded payload in the Folder Path field. Attackers can trigger the vulnerability through the System Compare feature by pasting a crafted buffer overflow payload into the left-hand side Folder Path field and clicking the scale icon to execute shellcode with application privileges.
CVSS 7.8
CVE-2019-25609 EXPLOITDB HIGH python WORKING POC
JetAudio jetCast Server 2.0 Local SEH Buffer Overflow
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an SEH exception handler and execute arbitrary code with application privileges.
CVSS 8.4
CVE-2019-25467 EXPLOITDB HIGH python WORKING POC
Verypdf docPrint Pro 8.0 - Buffer Overflow
Verypdf docPrint Pro 8.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized alphanumeric encoded payload in the User Password or Master Password fields. Attackers can craft a malicious payload with encoded shellcode and SEH chain manipulation to bypass protections and execute a MessageBox proof-of-concept when the password fields are processed during PDF encryption.
CVSS 8.4