freeide

8 exploits Active since Sep 2015
CVE-2021-2394 NOMISEC CRITICAL WORKING POC
Oracle WebLogic Server <14.1.1.0.0 - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
21 stars
CVSS 9.8
CVE-2021-31955 NOMISEC MEDIUM WORKING POC
Microsoft Windows 10 1809 < 10.0.17763.1999 - Information Disclosure
Windows Kernel Information Disclosure Vulnerability
13 stars
CVSS 5.5
CVE-2021-31955 NOMISEC MEDIUM WORKING POC
Microsoft Windows 10 1809 < 10.0.17763.1999 - Information Disclosure
Windows Kernel Information Disclosure Vulnerability
2 stars
CVSS 5.5
CVE-2015-4077 NOMISEC WORKING POC
Fortinet Forticlient < 5.2.3 - Information Disclosure
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call.
2 stars
CVE-2019-0708 NOMISEC CRITICAL WORKING POC
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
1 stars
CVSS 9.8
CVE-2021-29200 NOMISEC CRITICAL WORKING POC
Apache Ofbiz < 17.12.07 - Insecure Deserialization
Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack
CVSS 9.8
CVE-2019-2890 NOMISEC HIGH WORKING POC
Oracle WebLogic Server - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVSS 7.2
CVE-2019-0708 NOMISEC CRITICAL STUB
CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
CVSS 9.8