Hexastrike

4 exploits Active since Oct 2008
CVE-2025-0282 NOMISEC CRITICAL WORKING POC
Ivanti Connect Secure <22.7R2.5 - RCE
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.
5 stars
CVSS 9.0
CVE-2024-21887 NOMISEC CRITICAL WORKING POC
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
5 stars
CVSS 9.1
CVE-2023-46805 NOMISEC HIGH WORKING POC
Ivanti Connect Secure Unauthenticated Remote Code Execution
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
5 stars
CVSS 8.2
CVE-2008-4654 NOMISEC WORKING POC
Videolan Vlc Media Player - Memory Corruption
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.