Ekultek

10 exploits Active since Aug 2015
CVE-2019-0708 NOMISEC CRITICAL WORKING POC
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
1,187 stars
CVSS 9.8
CVE-2018-11776 NOMISEC HIGH WORKING POC
Apache Struts 2 Namespace Redirect OGNL Injection
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
21 stars
CVSS 8.1
CVE-2019-17625 NOMISEC CRITICAL WORKING POC
Rambox 0.6.9 - Stored Cross-Site Scripting and OS Command Injection via Service Name Field
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element.
19 stars
CVSS 9.0
CVE-2018-19788 NOMISEC HIGH WORKING POC
PolicyKit <0.115 - Privilege Escalation
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
19 stars
CVSS 8.8
CVE-2019-7216 NOMISEC HIGH WRITEUP
FileChucker 4.99e-free-e02 - Filter Bypass
An issue was discovered in FileChucker 4.99e-free-e02. filechucker.cgi has a filter bypass that allows a malicious user to upload any type of file by using % characters within the extension, e.g., file.%ph%p becomes file.php.
10 stars
CVSS 7.8
CVE-2019-0708 NOMISEC CRITICAL WORKING POC
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
1 stars
CVSS 9.8
CVE-2018-0708 NOMISEC HIGH WORKING POC
QNAP Q'center < 1.7.1063 - Authenticated OS Command Injection
Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
1 stars
CVSS 8.8
CVE-2018-0708 GITLAB HIGH WORKING POC
QNAP Q'center < 1.7.1063 - Authenticated OS Command Injection
Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
CVSS 8.8
CVE-2019-0708 GITLAB CRITICAL WORKING POC
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
CVSS 9.8
CVE-2015-5531 VULNCHECK_XDB WORKING POC
Elasticsearch <1.6.1 - Path Traversal
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.