ExploitCN

5 exploits Active since Jun 2012
CVE-2013-3660 NOMISEC HIGH NO CODE
Microsoft Windows 7 - Memory Corruption
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
3 stars
CVSS 7.8
CVE-2021-1732 NOMISEC HIGH STUB
Microsoft Windows 10 1803 - Out-of-Bounds Write
Windows Win32k Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2018-11321 NOMISEC MEDIUM
Joomla! < 3.8.8 - Improper Input Validation
An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated option.
CVSS 6.5
CVE-2012-1876 NOMISEC NO CODE
Microsoft Internet Explorer - Code Injection
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
CVE-2014-1767 NOMISEC WORKING POC
Microsoft Windows - Privilege Escalation
Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."