Samuel Groß

4 exploits Active since Jul 2016
CVE-2018-4233 NOMISEC HIGH WORKING POC
Safari < 11.1.1 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
180 stars
CVSS 8.8
CVE-2016-4622 NOMISEC HIGH WORKING POC
Safari < 9.1.2 - Remote Code Execution via Memory Corruption
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.
109 stars
CVSS 8.8
CVE-2019-11707 NOMISEC HIGH WORKING POC
Firefox < 60.7.1, < 67.0.3 and Thunderbird < 60.7.2 - Type Confusion via Array.pop
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
CVSS 8.8
CVE-2017-15428 NOMISEC HIGH WORKING POC
Google Chrome < 62.0.3202.94 - Remote Code Execution via V8 Builtins String Generator
Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVSS 8.8