Infobyte

6 exploits Active since Sep 2016
CVE-2022-27255 NOMISEC CRITICAL WORKING POC
Realtek Ecos Rsdk Firmware - Improper Input Validation
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data.
279 stars
CVSS 9.8
CVE-2023-21036 NOMISEC MEDIUM WORKING POC
Android - Info Disclosure
In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A
81 stars
CVSS 5.5
CVE-2021-21086 NOMISEC HIGH WORKING POC
Adobe Acrobat < 17.011.30188 - Out-of-Bounds Write
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
28 stars
CVSS 7.8
CVE-2016-2776 NOMISEC HIGH WORKING POC
Oracle Linux < 9.9.9 - Improper Input Validation
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
27 stars
CVSS 7.5
CVE-2023-21036 NOMISEC MEDIUM SCANNER
Android - Info Disclosure
In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A
CVSS 5.5
CVE-2016-2776 EXPLOITDB HIGH python WORKING POC
Oracle Linux < 9.9.9 - Improper Input Validation
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
CVSS 7.5