Matlink

7 exploits Active since Sep 2017

CVE-2018-17961 NOMISEC HIGH STUB

Artifex Ghostscript < 9.25 - Error Information Exposure

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.

2 stars

CVSS 8.6

View Code

CVE-2018-17456 NOMISEC CRITICAL WORKING POC

Malicious Git HTTP Server For CVE-2018-17456

Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.

CVSS 9.8

View Code

CVE-2017-1000083 NOMISEC HIGH WORKING POC

Evince CBT File Command Injection

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

CVSS 7.8

View Code

CVE-2017-1000083 NOMISEC HIGH WORKING POC

Evince CBT File Command Injection

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

CVSS 7.8

View Code

CVE-2017-1000083 METASPLOIT HIGH ruby WORKING POC

Evince CBT File Command Injection

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

CVSS 7.8

View Code

CVE-2017-1000083 EXPLOITDB HIGH ruby WORKING POC

Evince CBT File Command Injection

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

CVSS 7.8

View Code

CVE-2017-1000083 EXPLOITDB HIGH text WORKING POC

Evince CBT File Command Injection

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.

CVSS 7.8

View Code