Securifera

15 exploits, active since Oct 2015
CVE-2019-1579 NOMISEC HIGH WORKING POC
PAN-OS <7.1.18, <8.0.11-h1, <8.1.2 - RCE
Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.
63 stars
CVSS 8.1
CVE-2018-6546 NOMISEC CRITICAL WORKING POC
Plays.tv < 1.27.7.0 - Authentication Bypass
plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as SYSTEM when the execute_installer parameter is used in an HTTP message. This occurs without properly authenticating the user.
41 stars
CVSS 9.8
CVE-2019-7839 NOMISEC CRITICAL WORKING POC
ColdFusion <Update 3 - Command Injection
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
7 stars
CVSS 9.8
CVE-2015-2900 NOMISEC WORKING POC
MEDCIN Engine <2.22.20153.226 - DoS
The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine before 2.22.20153.226 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted packet on port 8190.
6 stars
CVE-2017-18044 NOMISEC CRITICAL WORKING POC
Commvault < 11.0 - OS Command Injection
A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain message parsing function inside the Commvault service does not properly validate the input of an incoming string before passing it to CreateProcess. As a result, a specially crafted message can inject commands that will be executed on the target operating system. Exploitation of this vulnerability does not require authentication and can lead to SYSTEM level privilege on any system running the cvd daemon. This is a different vulnerability than CVE-2017-3195.
4 stars
CVSS 9.8
CVE-2015-8277 NOMISEC CRITICAL WORKING POC
Flexera FlexNet Publisher <11.13.1.2 - Buffer Overflow
Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a.
3 stars
CVSS 9.8
CVE-2019-14450 NOMISEC CRITICAL WORKING POC
Repetier-Server <0.91 - Path Traversal
A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart.
1 star
CVSS 9.8
CVE-2017-9830 NOMISEC CRITICAL WORKING POC
Code42 CrashPlan <5.4 - RCE
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.
1 star
CVSS 9.8
CVE-2018-16156 NOMISEC HIGH WORKING POC
Fujitsu Paperstream IP (twain) - Untrusted Search Path
In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege.
1 star
CVSS 7.8
CVE-2016-3962 NOMISEC HIGH WORKING POC
Meinberg IMS-LANTIME - Buffer Overflow
Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.
1 star
CVSS 7.3
CVE-2016-3962 EXPLOITDB HIGH python WORKING POC
Meinberg IMS-LANTIME - Buffer Overflow
Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.
CVSS 7.3
CVE-2016-2345 EXPLOITDB CRITICAL python WORKING POC
Dameware Mini Remote Control - Memory Corruption
Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in SolarWinds DameWare Mini Remote Control 12.0 allows remote attackers to execute arbitrary code via a crafted string.
CVSS 9.8
CVE-2018-16156 EXPLOITDB HIGH powershell WORKING POC
Fujitsu Paperstream IP (twain) - Untrusted Search Path
In PaperStream IP (TWAIN) 1.42.0.5685 (Service Update 7), the FJTWSVIC service running with SYSTEM privilege processes unauthenticated messages received over the FjtwMkic_Fjicube_32 named pipe. One of these message processing functions attempts to dynamically load the UninOldIS.dll library and executes an exported function named ChangeUninstallString. The default install does not contain this library and therefore if any DLL with that name exists in any directory listed in the PATH variable, it can be used to escalate to SYSTEM level privilege.
CVSS 7.8
CVE-2018-6546 EXPLOITDB CRITICAL python WORKING POC
Plays.tv < 1.27.7.0 - Authentication Bypass
plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as SYSTEM when the execute_installer parameter is used in an HTTP message. This occurs without properly authenticating the user.
CVSS 9.8
CVE-2016-3989 EXPLOITDB HIGH python WORKING POC
Meinberg IMS-LANTIME - Privilege Escalation
The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote authenticated users to obtain root privileges for writing to unspecified scripts, and consequently obtain sensitive information or modify data, by leveraging access to the nobody account.
CVSS 8.1