Jaky5155

4 exploits Active since May 2019
CVE-2019-0708 NOMISEC CRITICAL WORKING POC
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
30 stars
CVSS 9.8
CVE-2022-24990 NOMISEC HIGH WORKING POC
TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.
2 stars
CVSS 7.5
CVE-2019-17564 NOMISEC CRITICAL SUSPICIOUS
Apache Dubbo < 2.5.10 - Insecure Deserialization
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.
2 stars
CVSS 9.8
CVE-2019-0785 NOMISEC CRITICAL STUB
Windows Server DHCP - Memory Corruption
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
CVSS 9.8