François Goichon

4 exploits Active since Aug 2017
CVE-2017-12787 EXPLOITDB CRITICAL text WORKING POC
NoviWare < 400.2.6 - Unauthenticated Remote Code Execution via Packet Data OS Command Injection
A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow.
CVSS 9.8
CVE-2017-12785 EXPLOITDB CRITICAL text WORKING POC
NoviWare < 400.2.6 - Authenticated Buffer Overflow via 'show log cli' Command
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.
CVSS 9.8
CVE-2018-7264 EXPLOITDB CRITICAL text WORKING POC
ActivePDF Toolkit < 8.1.0.19023 - Remote Code Execution via Pictview Image Processing
The Pictview image processing library embedded in the ActivePDF toolkit through 2018.1.0.18321 is prone to multiple out of bounds write and sign errors, allowing a remote attacker to execute arbitrary code on vulnerable applications using the ActivePDF Toolkit to process untrusted images.
CVSS 9.8
CVE-2017-12786 EXPLOITDB CRITICAL text WORKING POC
NoviWare < 400.2.6 - Unauthenticated Stack-Based Buffer Overflow via Packet Data Unserialization
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data.
CVSS 9.8