Quadron Research Lab

4 exploits Active since Jan 2021
CVE-2021-47789 EXPLOITDB HIGH python WORKING POC
Yenkee YMS 3029 Firmware - Denial of Service via GM312Fltr.sys DeviceIoControl Buffer Overrun
Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by sending a 2000-byte buffer through DeviceIoControl to trigger a kernel-level system crash.
CVSS 7.5
CVE-2021-47786 EXPLOITDB HIGH python WORKING POC
Redragon Gaming Mouse - Denial of Service via Malformed IOCTL Request
Redragon Gaming Mouse driver contains a kernel-level vulnerability that allows attackers to trigger a denial of service by sending malformed IOCTL requests. Attackers can send a crafted 2000-byte buffer with specific byte patterns to the REDRAGON_MOUSE device to crash the kernel driver.
CVSS 7.5
CVE-2021-47732 EXPLOITDB MEDIUM text WRITEUP
CMSimple 5.2 - Stored Cross-Site Scripting in Filebrowser External Input
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection.
CVSS 6.1
CVE-2021-3111 EXPLOITDB MEDIUM text WRITEUP
Concrete CMS < 8.5.5 - Stored Cross-Site Scripting via Express Entries Dashboard Name Field
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.
CVSS 4.8