Google Inc.

9 exploits Active since Jun 2012
CVE-2018-8440 NOMISEC HIGH WORKING POC
Windows - Elevation of Privilege via ALPC
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
80 stars
CVSS 7.8
CVE-2022-30206 NOMISEC HIGH WORKING POC
Windows Print Spooler - Privilege Escalation
Windows Print Spooler Elevation of Privilege Vulnerability
76 stars
CVSS 7.8
CVE-2023-32353 NOMISEC HIGH WORKING POC
iTunes < 12.12.9 - Privilege Escalation
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges.
34 stars
CVSS 7.8
CVE-2020-16939 NOMISEC HIGH WORKING POC
Windows Group Policy - Elevation of Privilege via Improper Access Check
<p>An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how Group Policy checks access.</p>
12 stars
CVSS 7.8
CVE-2023-4863 NOMISEC HIGH WRITEUP
Google Chrome <116.0.5845.187 - Buffer Overflow
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
3 stars
CVSS 8.8
CVE-2022-41401 WRITEUP MEDIUM WRITEUP
OpenRefine <= 3.5.2 - Server-Side Request Forgery
OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.
CVSS 6.5
CVE-2022-30206 INTHEWILD HIGH WORKING POC
Windows Print Spooler - Privilege Escalation
Windows Print Spooler Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2024-47882 WRITEUP MEDIUM WRITEUP
OpenRefine < 3.8.3 - Cross-Site Scripting in Error Page
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an error with an attacker-influenced message. It appears that the only way to reach this code in OpenRefine itself is for an attacker to somehow convince a victim to import a malicious file, which may be difficult. However, out-of-tree extensions may add their own calls to `respondWithErrorPage`. Version 3.8.3 has a fix for this issue.
CVSS 5.9
CVE-2012-1875 EXPLOITDB ruby WORKING POC
Microsoft Internet Explorer 8 - Remote Code Execution via Deleted Object Access
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability."