X-Vector

2 exploits Active since Jun 2017

CVE-2019-15858 NOMISEC HIGH WORKING POC

Woody ad snippets < 2.2.5 - Unauthenticated Options Import

admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution.

32 stars

CVSS 8.8

View Code

CVE-2017-8464 NOMISEC HIGH WORKING POC

Windows Shell - Remote Code Execution via Crafted .LNK File

Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."

CVSS 8.8

View Code