matejsmycka

4 exploits Active since Jul 2018
CVE-2025-12097 NOMISEC HIGH WORKING POC
NI System Web Server <2012 - Info Disclosure
There is a relative path traversal vulnerability in the NI System Web Server that may result in information disclosure.  Successful exploitation requires an attacker to send a specially crafted request to the NI System Web Server, allowing the attacker to read arbitrary files.  This vulnerability existed in the NI System Web Server 2012 and prior versions.  It was fixed in 2013.
CVSS 7.5
CVE-2025-33073 NOMISEC HIGH WORKING POC
Windows SMB - Privilege Escalation
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
CVSS 8.8
CVE-2019-14811 NOMISEC HIGH WORKING POC
Artifex Ghostscript < 9.50 - Incorrect Authorization
A flaw was found in, ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
CVSS 7.8
CVE-2018-14324 NOMISEC CRITICAL WORKING POC
Oracle GlassFish Open Source Edition 5.0 - Info Disclosure
The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations, or manipulate the demo via a JMX RMI session, aka a "jmx_rmi remote monitoring and control problem." NOTE: this is not an Oracle supported product.
CVSS 9.8