exploitblizzard

6 exploits Active since Jan 2020
CVE-2021-24084 NOMISEC MEDIUM WORKING POC
Microsoft Windows 10 - Symlink Following
Windows Mobile Device Management Information Disclosure Vulnerability
52 stars
CVSS 5.5
CVE-2021-1732 NOMISEC HIGH WORKING POC
Microsoft Windows 10 1803 - Out-of-Bounds Write
Windows Win32k Elevation of Privilege Vulnerability
31 stars
CVSS 7.8
CVE-2021-36934 NOMISEC HIGH STUB
Windows - Privilege Escalation
<p>An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker must have the ability to execute code on a victim system to exploit this vulnerability.</p> <p>After installing this security update, you <em>must</em> manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerabilty. <strong>Simply installing this security update will not fully mitigate this vulnerability.</strong> See <a href="https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7">KB5005357- Delete Volume Shadow Copies</a>.</p>
7 stars
CVSS 7.8
CVE-2021-1675 NOMISEC HIGH SUSPICIOUS
Microsoft Windows 10 1507 < 10.0.10240.18967 - Remote Code Execution
Windows Print Spooler Remote Code Execution Vulnerability
5 stars
CVSS 7.8
CVE-2020-14882 NOMISEC CRITICAL WORKING POC
Oracle WebLogic Server <14.1.1.0.0 - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
3 stars
CVSS 9.8
CVE-2020-0601 NOMISEC HIGH WORKING POC
Microsoft Windows 10 1507 < 1.12.16 - Improper Certificate Validation
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
CVSS 8.1