CrackerCat

27 exploits Active since Jul 2019
CVE-2021-30632 NOMISEC HIGH WRITEUP
Google Chrome <93.0.4577.82 - Heap Corruption
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
14 stars
CVSS 8.8
CVE-2020-0108 NOMISEC HIGH WORKING POC
Android - Local Privilege Escalation via Uncaught Exception in ServiceRecord
In postNotification of ServiceRecord.java, there is a possible bypass of foreground process restrictions due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.1 Android-9Android ID: A-140108616
11 stars
CVSS 7.8
CVE-2024-35250 NOMISEC HIGH WORKING POC
Windows Kernel-Mode Driver - Privilege Escalation
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
8 stars
CVSS 7.8
CVE-2024-26160 NOMISEC MEDIUM WORKING POC
Microsoft Windows 11 22h2 < 10.0.22621.3296 - Buffer Over-read
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
3 stars
CVSS 5.5
CVE-2021-44228 NOMISEC CRITICAL NO CODE
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
3 stars
CVSS 10.0
CVE-2021-22006 NOMISEC HIGH WORKING POC
VMware Cloud Foundation 3.0-4.9 and vCenter Server - Reverse Proxy Bypass via URI Handling
The vCenter Server contains a reverse proxy bypass vulnerability due to the way the endpoints handle the URI. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to access restricted endpoints.
3 stars
CVSS 7.5
CVE-2020-7961 NOMISEC CRITICAL WORKING POC
Liferay Portal <7.2.1 CE GA2 - Code Injection
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
2 stars
CVSS 9.8
CVE-2021-26411 NOMISEC HIGH SUSPICIOUS
Microsoft Edge - Use After Free
Internet Explorer Memory Corruption Vulnerability
2 stars
CVSS 8.8
CVE-2020-11492 NOMISEC HIGH WORKING POC
Docker Desktop < 2.2.0.5 - Privilege Escalation via Named Pipe Race Condition
An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. If a local attacker sets up their own named pipe prior to starting Docker with the same name, this attacker can intercept a connection attempt from Docker Service (which runs as SYSTEM), and then impersonate their privileges.
2 stars
CVSS 7.8
CVE-2019-2215 NOMISEC HIGH WORKING POC
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
2 stars
CVSS 7.8
CVE-2024-40676 NOMISEC HIGH WRITEUP
Android - Local Privilege Escalation via Confused Deputy in AccountManagerService
In checkKeyIntent of AccountManagerService.java, there is a possible way to bypass intent security check and install an unknown app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
1 stars
CVSS 7.7
CVE-2024-32002 NOMISEC CRITICAL NO CODE
Git <2.45.1-2.39.4 - Code Injection
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
1 stars
CVSS 9.0
CVE-2023-4863 NOMISEC HIGH STUB
Google Chrome <116.0.5845.187 - Buffer Overflow
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
1 stars
CVSS 8.8
CVE-2021-44852 NOMISEC HIGH WORKING POC
Biostar RACING GT Evo <2.1.1905.1700 - Code Injection
An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1.1905.1700. A low-integrity process can open the driver's device object and issue IOCTLs to read or write to arbitrary physical memory locations (or call an arbitrary address), leading to execution of arbitrary code. This is associated with 0x226040, 0x226044, and 0x226000.
1 stars
CVSS 7.8
CVE-2020-3187 NOMISEC CRITICAL WORKING POC
Cisco ASA & FTD - Unauthenticated Path Traversal & Arbitrary File Deletion via HTTP
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences. An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored. The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability can not be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Reloading the affected device will restore all files within the web services file system.
1 stars
CVSS 9.1
CVE-2020-1020 NOMISEC HIGH WORKING POC
Microsoft Windows - Remote Code Execution via Adobe Type Manager Library Font Parsing
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.
1 stars
CVSS 8.8
CVE-2023-46604 NOMISEC CRITICAL WORKING POC
Java OpenWire - Deserialization RCE
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.
CVSS 10.0
CVE-2020-0601 NOMISEC HIGH WORKING POC
Windows 10 and Windows Server - Certificate Spoofing via ECC Certificate Validation
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
CVSS 8.1
CVE-2024-44083 NOMISEC HIGH WORKING POC
Hex-Rays IDA Pro < 8.4 - Denial of Service via Malformed Section Jumps
ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue.
CVSS 7.5
CVE-2024-21762 NOMISEC CRITICAL WORKING POC
FortiOS/FortiProxy Out-of-bounds Write Vulnerability
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests
CVSS 9.8
CVE-2022-24112 NOMISEC CRITICAL WORKING POC
APISIX Admin API default access token RCE
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.
CVSS 9.8
CVE-2022-26927 NOMISEC HIGH STUB
Windows 10 and Windows 11 - Remote Code Execution in Graphics Component
Windows Graphics Component Remote Code Execution Vulnerability
CVSS 8.8
CVE-2021-3438 NOMISEC HIGH WORKING POC
HP LaserJet and Samsung Printer Drivers - Buffer Overflow
A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.
CVSS 7.8
CVE-2021-26084 NOMISEC CRITICAL WORKING POC
Atlassian Confluence Server and Data Center - OGNL Injection
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
CVSS 9.8
CVE-2019-1096 NOMISEC MEDIUM WORKING POC
Windows - Information Disclosure in win32k Component
An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.
CVSS 5.5