dsfau

3 exploits Active since Feb 2018
CVE-2018-6389 NOMISEC HIGH WORKING POC
Wordpress < 4.9.2 - Denial of Service
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
2 stars
CVSS 7.5
CVE-2018-1000199 NOMISEC MEDIUM WORKING POC
Linux Kernel <3.18 - Memory Corruption
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.
CVSS 5.5
CVE-2018-10546 NOMISEC HIGH WORKING POC
PHP <5.6.36, <7.0.30, <7.1.17, <7.2.5 - Info Disclosure
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
CVSS 7.5