Cyb0r9

CVE-2019-0708 NOMISEC CRITICAL SCANNER

CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

243 stars

CVSS 9.8

View Code

CVE-2018-9995 NOMISEC CRITICAL WORKING POC

TBK DVR4104/DVR4216 - Auth Bypass

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.

111 stars

CVSS 9.8

View Code