corelight

21 exploits Active since Jun 2020
CVE-2022-26809 NOMISEC CRITICAL WRITEUP
Microsoft Windows RPC Runtime - Remote Code Execution
Remote Procedure Call Runtime Remote Code Execution Vulnerability
33 stars
CVSS 9.8
CVE-2021-44228 NOMISEC CRITICAL WORKING POC
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
19 stars
CVSS 10.0
CVE-2021-42292 NOMISEC HIGH WRITEUP
Microsoft Excel - Privilege Escalation
Microsoft Excel Security Feature Bypass Vulnerability
18 stars
CVSS 7.8
CVE-2021-31166 NOMISEC CRITICAL SCANNER
Windows IIS HTTP Protocol Stack DOS
HTTP Protocol Stack Remote Code Execution Vulnerability
13 stars
CVSS 9.8
CVE-2021-1675 NOMISEC HIGH SCANNER
Microsoft Windows 10 1507 < 10.0.10240.18967 - Remote Code Execution
Windows Print Spooler Remote Code Execution Vulnerability
9 stars
CVSS 7.8
CVE-2020-16898 NOMISEC HIGH WRITEUP
Microsoft Windows 10 - Remote Code Execution
A remote code execution vulnerability exists when the Windows TCP/IP stack improperly handles ICMPv6 Router Advertisement packets. An attacker who successfully exploited this vulnerability could gain the ability to execute code on the target server or client. To exploit this vulnerability, an attacker would have to send specially crafted ICMPv6 Router Advertisement packets to a remote Windows computer. The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets.
9 stars
CVSS 8.8
CVE-2020-1350 NOMISEC CRITICAL WRITEUP
Microsoft Windows Server 2008 - Improper Input Validation
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
9 stars
CVSS 10.0
CVE-2022-26937 NOMISEC CRITICAL SCANNER
Windows Network File System < - RCE
Windows Network File System Remote Code Execution Vulnerability
7 stars
CVSS 9.8
CVE-2020-14882 NOMISEC CRITICAL WRITEUP
Oracle WebLogic Server <14.1.1.0.0 - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
7 stars
CVSS 9.8
CVE-2020-12695 NOMISEC HIGH WRITEUP
Open Connectivity Foundation UPnP <2020-04-17 - SSRF
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
6 stars
CVSS 7.5
CVE-2022-21907 NOMISEC CRITICAL WRITEUP
HTTP Protocol Stack - RCE
HTTP Protocol Stack Remote Code Execution Vulnerability
5 stars
CVSS 9.8
CVE-2021-38647 NOMISEC CRITICAL SCANNER
Microsoft OMI Management Interface Authentication Bypass
Open Management Infrastructure Remote Code Execution Vulnerability
5 stars
CVSS 9.8
CVE-2022-3602 NOMISEC HIGH SCANNER
Openssl < 3.0.7 - Out-of-Bounds Write
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to upgrade to a new version as soon as possible. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. Fixed in OpenSSL 3.0.7 (Affected 3.0.0,3.0.1,3.0.2,3.0.3,3.0.4,3.0.5,3.0.6).
4 stars
CVSS 7.5
CVE-2020-5902 NOMISEC CRITICAL SCANNER
BIG-IP <15.2 - RCE
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
4 stars
CVSS 9.8
CVE-2022-24491 NOMISEC CRITICAL WRITEUP
Windows Network File System < - RCE
Windows Network File System Remote Code Execution Vulnerability
3 stars
CVSS 9.8
CVE-2022-24497 NOMISEC CRITICAL WRITEUP
Windows Network File System - RCE
Windows Network File System Remote Code Execution Vulnerability
3 stars
CVSS 9.8
CVE-2022-23270 NOMISEC HIGH WORKING POC
Microsoft Windows 10 - Remote Code Execution
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
1 star
CVSS 8.1
CVE-2022-22954 NOMISEC CRITICAL WRITEUP
VMware Workspace ONE Access CVE-2022-22954
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
1 star
CVSS 9.8
CVE-2021-41773 NOMISEC CRITICAL WORKING POC
Apache 2.4.49/2.4.50 Traversal RCE
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
1 star
CVSS 9.8
CVE-2022-30216 NOMISEC HIGH WRITEUP
Microsoft Windows 10 - Unrestricted File Upload
Windows Server Service Tampering Vulnerability
CVSS 8.8
CVE-2021-38647 NOMISEC CRITICAL SCANNER
Microsoft OMI Management Interface Authentication Bypass
Open Management Infrastructure Remote Code Execution Vulnerability
CVSS 9.8