Fakhri Zulkifli

11 exploits, active since Jun 2018
CVE-2018-12326 NOMISEC HIGH WORKING POC
Redis <4.0.10 & 5.x <5.0 RC3 - Buffer Overflow
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
CVSS 8.4
CVE-2018-13457 EXPLOITDB MEDIUM text WORKING POC
Nagios Core < 4.4.1 - NULL Pointer Dereference
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
CVSS 5.5
CVE-2018-13441 EXPLOITDB MEDIUM text WORKING POC
Nagios < 4.4.1 - NULL Pointer Dereference
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
CVSS 5.5
CVE-2018-16517 EXPLOITDB MEDIUM text WORKING POC
Nasm Netwide Assembler < 2.13.03 - NULL Pointer Dereference
asm/labels.c in Netwide Assembler (NASM) is prone to a NULL pointer dereference, which allows an attacker to cause a denial of service via a crafted file.
CVSS 5.5
CVE-2018-12326 EXPLOITDB HIGH python WORKING POC
Redis <4.0.10 & 5.x <5.0 RC3 - Buffer Overflow
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
CVSS 8.4
EIP-2026-102739 EXPLOITDB text WORKING POC
SIPp 3.6 - Local Buffer Overflow (PoC)
CVE-2018-13458 EXPLOITDB MEDIUM text WORKING POC
Nagios Core < 4.4.1 - NULL Pointer Dereference
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
CVSS 5.5
CVE-2018-12327 EXPLOITDB CRITICAL text WORKING POC
NTP 4.2.8p11 - Buffer Overflow
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
CVSS 9.8
CVE-2018-12617 EXPLOITDB HIGH text WORKING POC
QEMU Guest Agent <2.12.50 - Memory Corruption
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
CVSS 7.5
CVE-2018-12453 EXPLOITDB HIGH text WORKING POC
Redis <5.0 - DoS
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
CVSS 7.5
EIP-2026-101528 EXPLOITDB text WORKING POC
ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution