kkirsche

4 exploits Active since Dec 2004
CVE-2017-10271 NOMISEC HIGH WORKING POC
Oracle WebLogic wls-wsat Component Deserialization RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
128 stars
CVSS 7.5
CVE-2018-1111 NOMISEC HIGH WORKING POC
DHCP Client Command Injection (DynoRoot)
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
12 stars
CVSS 7.5
CVE-2019-16692 NOMISEC CRITICAL WORKING POC
phpipam < 1.4 - SQL Injection via Custom Fields Filter Table Parameter
phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.
5 stars
CVSS 9.8
CVE-2004-2271 NOMISEC WORKING POC
MiniShare < 1.4.1 - Remote Code Execution via Long HTTP GET Request
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
4 stars