Fakhri Zulkifli

11 exploits, active since Jun 2018
CVE-2018-12326 NOMISEC HIGH WORKING POC
Redis <4.0.10 & 5.x <5.0 RC3 - Buffer Overflow
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
CVSS 8.4
CVE-2018-25356 EXPLOITDB HIGH text WORKING POC
SIPp 3.6 Local Buffer Overflow via Command-line Arguments
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -log_file parameters, causing strcpy to write beyond buffer boundaries in sipp.cpp.
CVSS 8.4
CVE-2018-13457 EXPLOITDB MEDIUM text WORKING POC
Nagios Core < 4.4.1 - Denial of Service via NULL Pointer Dereference in qh_echo
qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
CVSS 5.5
CVE-2018-13441 EXPLOITDB MEDIUM text WORKING POC
Nagios < 4.4.1 - Denial of Service via qh_help NULL Pointer Dereference
qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
CVSS 5.5
CVE-2018-16517 EXPLOITDB MEDIUM text WORKING POC
Netwide Assembler < 2.13.03 - Denial of Service via Crafted File
asm/labels.c in Netwide Assembler (NASM) is prone to a NULL pointer dereference, which allows an attacker to cause a denial of service via a crafted file.
CVSS 5.5
CVE-2018-12326 EXPLOITDB HIGH python WORKING POC
Redis <4.0.10 & 5.x <5.0 RC3 - Buffer Overflow
Buffer overflow in redis-cli of Redis before 4.0.10 and 5.x before 5.0 RC3 allows an attacker to achieve code execution and escalate to higher privileges via a crafted command line. NOTE: It is unclear whether there are any common situations in which redis-cli is used with, for example, a -h (aka hostname) argument from an untrusted source.
CVSS 8.4
CVE-2018-12453 EXPLOITDB HIGH text WORKING POC
Redis < 5.0 - Denial of Service via XGROUP Command Type Confusion
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause a denial of service via an XGROUP command in which the key is not a stream.
CVSS 7.5
CVE-2018-12617 EXPLOITDB HIGH text WORKING POC
QEMU Guest Agent <2.12.50 - Memory Corruption
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a crafted QMP command (including guest-file-read with a large count value) to the agent via the listening socket.
CVSS 7.5
CVE-2018-12327 EXPLOITDB CRITICAL text WORKING POC
NTP 4.2.8p11 - Stack-based Buffer Overflow via IPv4/IPv6 Command-line Parameter
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.
CVSS 9.8
CVE-2018-13458 EXPLOITDB MEDIUM text WORKING POC
Nagios Core < 4.4.1 - Denial of Service via Crafted UNIX Socket Payload
qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.
CVSS 5.5
EIP-2026-101528 EXPLOITDB text WORKING POC
ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution