M507 - Security Researcher - Exploit Intelligence Platform

CVE-2021-23017 NOMISEC HIGH WORKING POC

nginx - Memory Corruption

A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

132 stars

CVSS 7.7

View Code

CVE-2022-45477 NOMISEC CRITICAL WRITEUP

Telepad < 1.0.7 - Missing Authentication

Telepad allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

16 stars

CVSS 9.8

View Code

CVE-2024-32002 NOMISEC CRITICAL WORKING POC

Git <2.45.1-2.39.4 - Code Injection

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

9 stars

CVSS 9.0

View Code

CVE-2025-59287 NOMISEC CRITICAL WORKING POC

Microsoft Windows Server 2012 - Insecure Deserialization

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

7 stars

CVSS 9.8

View Code

CVE-2023-35317 NOMISEC HIGH WORKING POC

Microsoft Windows Server 2012 - Insecure Deserialization

Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability

7 stars

CVSS 7.8

View Code

CVE-2017-13156 NOMISEC HIGH SCANNER

Android Janus APK Signature bypass

An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.

3 stars

CVSS 7.8

View Code

CVE-2025-59287 GITHUB CRITICAL python WORKING POC

Microsoft Windows Server 2012 - Insecure Deserialization

Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

2 stars

CVSS 9.8

View Code