Nicolas Krassas

8 exploits. Active since Sep 2012.
CVE-2019-13132 NOMISEC CRITICAL WORKING POC
ZeroMQ libzmq < 4.0.9, 4.1.x < 4.1.7, 4.2.x < 4.3.2 - Unauthenticated Stack Overflow via CURVE Encryption/Authentication
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.
CVSS 9.8
CVE-2019-6250 NOMISEC HIGH WORKING POC
libzmq 4.2.0-4.2.4 and 4.3.0 - Authenticated Integer Overflow to Remote Code Execution in v2_decoder.cpp
A pointer overflow, with code execution, was discovered in ZeroMQ libzmq (aka 0MQ) 4.2.x and 4.3.x before 4.3.1. A v2_decoder.cpp zmq::v2_decoder_t::size_ready integer overflow allows an authenticated attacker to overwrite an arbitrary amount of bytes beyond the bounds of a buffer, which can be leveraged to run arbitrary code on the target system. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer (i.e., it is not necessary to use a typical buffer-overflow exploitation technique that changes the flow of control).
CVSS 8.8
EIP-2026-117569 EXPLOITDB c WORKING POC
Microsoft Windows Live Email - 'dwmapi.dll' DLL Hijacking
CVE-2010-5227 EXPLOITDB c WORKING POC
Opera < 10.62 - Privilege Escalation
Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of these details are obtained from third party information.
EIP-2026-116244 EXPLOITDB text WORKING POC
SlimPDF Reader - Denial of Service (PoC)
EIP-2026-115808 EXPLOITDB text WRITEUP
Microsoft Windows Media Player with K-Lite Codec Pack - Denial of Service (PoC)
EIP-2026-110355 EXPLOITDB text WRITEUP
osCommerce - Authentication Bypass
EIP-2026-102945 EXPLOITDB text WRITEUP
Parallels PLESK 9.x - Insecure Permissions