SyFi

13 exploits, active since Apr 2017
CVE-2017-0199 NOMISEC HIGH SUSPICIOUS
Microsoft Office Word Malicious Hta Execution
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
12 stars
CVSS 7.8
CVE-2018-4878 NOMISEC HIGH WORKING POC
Adobe Flash Player < 28.0.0.161 - Use After Free
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
8 stars
CVSS 7.8
CVE-2018-8174 NOMISEC HIGH WORKING POC
Windows VBScript Engine - RCE
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
7 stars
CVSS 7.5
CVE-2018-15982 NOMISEC HIGH WORKING POC
Adobe Flash Player < 31.0.0.153 - Use After Free
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
5 stars
CVSS 7.8
CVE-2018-8172 NOMISEC HIGH WRITEUP
Microsoft Visual Studio - RCE
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.
3 stars
CVSS 7.8
CVE-2025-49113 NOMISEC CRITICAL WORKING POC
Roundcube Webmail < 1.5.10 - Insecure Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
2 stars
CVSS 9.9
CVE-2024-53407 NOMISEC LOW WORKING POC
Phiewer - Untrusted Search Path
In Phiewer 4.1.0, a dylib injection leads to command execution, which allows attackers to inject a dylib file, potentially leading to remote control and unauthorized access to sensitive user data.
CVSS 3.3
CVE-2024-55503 NOMISEC LOW WORKING POC
Termius < 9.9.0 - Untrusted Search Path
An issue in Termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component.
CVSS 3.3
CVE-2024-55504 NOMISEC MEDIUM WORKING POC
RAR Extractor - Unarchiver Free and Pro < 6.4.0 - Code Injection
An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code, potentially leading to remote control and unauthorized access to sensitive user data, via the exploit_combined.dylib component on macOS.
CVSS 5.5
CVE-2023-46818 NOMISEC HIGH WORKING POC
ISPConfig language_edit.php PHP Code Injection
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
CVSS 7.2
CVE-2018-8174 PATCHAPALOOZA HIGH WORKING POC
Windows VBScript Engine - RCE
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
CVSS 7.5
CVE-2023-46818 METASPLOIT HIGH ruby WORKING POC
ISPConfig language_edit.php PHP Code Injection
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
CVSS 7.2
CVE-2018-4878 EXPLOITDB HIGH python WORKING POC
Adobe Flash Player < 28.0.0.161 - Use After Free
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
CVSS 7.8