Fidus InfoSecurity

5 exploits Active since Oct 2017
CVE-2018-6947 EXPLOITDB HIGH c WORKING POC
NoMachine < 6.0.66_2 - Local Privilege Escalation via Uninitialized Stack Variable in nxfuse
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
CVSS 7.8
CVE-2018-6947 EXPLOITDB HIGH python WORKING POC
NoMachine < 6.0.66_2 - Local Privilege Escalation via Uninitialized Stack Variable in nxfuse
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
CVSS 7.8
CVE-2018-5189 EXPLOITDB HIGH c++ WORKING POC
Jungo Windriver 12.5.1 - Privilege Escalation
Race condition in Jungo Windriver 12.5.1 allows local users to cause a denial of service (buffer overflow) or gain system privileges by flipping pool buffer size, aka a "double fetch" vulnerability.
CVSS 7.8
CVE-2017-17020 EXPLOITDB HIGH text WRITEUP
D-Link DCS-5009 <1.08.11, DCS-5010 <1.14.09, DCS-5020L <1.15.01 Authenticated OS Command Injection
On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 devices with firmware 1.14.09 and earlier, and DCS-5020L devices with firmware before 1.15.01, command injection in alphapd (binary responsible for running the camera's web server) allows remote authenticated attackers to execute code through sanitized /setSystemAdmin user input in the AdminID field being passed directly to a call to system.
CVSS 8.8
CVE-2017-13772 EXPLOITDB HIGH python WORKING POC
TP-Link WR940N Hardware v4 - Authenticated Remote Code Execution via PingIframeRpm.htm or WanStaticIpV6CfgRpm.htm
Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm.htm.
CVSS 8.8