finn79426 - Security Researcher - Exploit Intelligence Platform

CVE-2020-10199 NOMISEC HIGH WORKING POC

Nexus Repository Manager Java EL Injection RCE

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).

CVSS 8.8

View Code

CVE-2012-5960 NOMISEC WORKING POC

Portable SDK For Upnp < 1.6.17 - Memory Corruption

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka upnp:rootdevice) field in a UDP packet.

View Code

CVE-2012-5959 VULNCHECK_XDB WORKING POC

UPnP SSDP M-SEARCH Information Discovery

Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a long UDN (aka uuid) field within a string that contains a :: (colon colon) in a UDP packet.

View Code