j0lama

6 exploits, active since Jun 2017
CVE-2017-9430 NOMISEC CRITICAL WORKING POC
dnstracer <1.9 - DoS
Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string.
CVSS 9.8
CVE-2017-11882 NOMISEC HIGH WORKING POC
Microsoft Office CVE-2017-11882
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
CVSS 7.8
CVE-2017-16523 EXPLOITDB CRITICAL text WORKING POC
MitraStar GPT-2541GNAC and DSL-100HN-T1 - Hardcoded Password
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices have a zyad1234 password for the zyad1234 account, which is equivalent to root and undocumented.
CVSS 9.8
CVE-2017-16522 EXPLOITDB HIGH text WORKING POC
MitraStar GPT-2541GNAC Firmware - Incorrect Default Permissions
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.
CVSS 8.8
CVE-2017-9430 EXPLOITDB CRITICAL python WORKING POC
dnstracer <1.9 - DoS
Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string.
CVSS 9.8
CVE-2019-14267 EXPLOITDB HIGH text WORKING POC
PDFResurrect 0.15 - Buffer Overflow
PDFResurrect 0.15 has a buffer overflow via a crafted PDF file because data associated with startxref and %%EOF is mishandled.
CVSS 7.8