Kaspersky Lab - Security Researcher - Exploit Intelligence Platform

CVE-2019-13720 NOMISEC HIGH SUSPICIOUS

Google Chrome <78.0.3904.87 - Use After Free

Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6 stars

CVSS 8.8

View Code

CVE-2018-16116 WRITEUP HIGH WRITEUP

Sophos SFOS - Authenticated SQL Injection via AccountStatus.jsp Username Parameter

SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter.

CVSS 8.8

View Code

CVE-2018-16117 WRITEUP HIGH WRITEUP

Sophos SFOS < 17.0 - Authenticated OS Command Injection via Admin Portal dbName Parameter

A shell escape vulnerability in /webconsole/Controller in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary OS commands via shell metacharacters in the "dbName" POST parameter.

CVSS 8.8

View Code

CVE-2018-16118 WRITEUP HIGH WRITEUP

Sophos SFOS - OS Command Injection via X-Forwarded-For HTTP Header

A shell escape vulnerability in /webconsole/APIController in the API Configuration component of Sophos XG firewall 17.0.8 MR-8 allows remote attackers to execute arbitrary OS commands via shell metachracters in the "X-Forwarded-for" HTTP header.

CVSS 8.1

View Code

CVE-2018-8453 METASPLOIT HIGH ruby WORKING POC

Windows - Elevation of Privilege in Win32k Component

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

CVSS 7.8

View Code

CVE-2018-8453 EXPLOITDB HIGH ruby WORKING POC

Windows - Elevation of Privilege in Win32k Component

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

CVSS 7.8

View Code