chompie1337 - Security Researcher - Exploit Intelligence Platform

CVE-2023-21768 NOMISEC HIGH WORKING POC

Windows Ancillary Function Driver - Privilege Escalation

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

506 stars

CVSS 7.8

View Code

CVE-2020-0796 NOMISEC CRITICAL WORKING POC

Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

339 stars

CVSS 10.0

View Code

CVE-2021-3490 NOMISEC HIGH WORKING POC

Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).

312 stars

CVSS 7.8

View Code

CVE-2023-36802 NOMISEC HIGH WORKING POC

Microsoft Streaming Service Proxy - Privilege Escalation

Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

167 stars

CVSS 7.8

View Code

CVE-2020-0796 NOMISEC CRITICAL WRITEUP

Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

1 stars

CVSS 10.0

View Code

CVE-2020-0796 NOMISEC CRITICAL WORKING POC

Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

CVSS 10.0

View Code

CVE-2020-0796 NOMISEC CRITICAL WORKING POC

Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

CVSS 10.0

View Code

CVE-2021-3490 NOMISEC HIGH WORKING POC

Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).

CVSS 7.8

View Code

CVE-2021-41073 INTHEWILD HIGH WORKING POC

Linux kernel <5.14.6 - Privilege Escalation

loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation.

CVSS 7.8

View Code

CVE-2020-1350 PATCHAPALOOZA CRITICAL WORKING POC

Windows Server 2008, 2012, 2016, 2019 - Remote Code Execution in DNS Server

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

CVSS 10.0

View Code

CVE-2020-0796 METASPLOIT CRITICAL ruby WORKING POC

Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

CVSS 10.0

View Code

CVE-2021-3490 METASPLOIT HIGH ruby WORKING POC

Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE

The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).

CVSS 7.8

View Code

CVE-2020-0796 EXPLOITDB CRITICAL python WORKING POC

Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.

CVSS 10.0

View Code