mauricelambert

7 exploits Active since May 2014
CVE-2022-21907 NOMISEC CRITICAL WORKING POC
HTTP Protocol Stack - RCE
HTTP Protocol Stack Remote Code Execution Vulnerability
26 stars
CVSS 9.8
CVE-2022-47986 NOMISEC CRITICAL WORKING POC
IBM Aspera Faspex < 4.4.1 - Insecure Deserialization
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.
1 stars
CVSS 9.8
CVE-2021-43798 NOMISEC HIGH WORKING POC
Grafana Plugin Path Traversal
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
CVSS 7.5
CVE-2021-26855 NOMISEC CRITICAL SCANNER
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS 9.1
CVE-2021-21985 NOMISEC CRITICAL SCANNER
Vmware Vcenter Server < 3.10.2.1 - SSRF
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
CVSS 9.8
CVE-2014-1812 NOMISEC HIGH WORKING POC
Microsoft Windows - Privilege Escalation
The Group Policy implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly handle distribution of passwords, which allows remote authenticated users to obtain sensitive credential information and consequently gain privileges by leveraging access to the SYSVOL share, as exploited in the wild in May 2014, aka "Group Policy Preferences Password Elevation of Privilege Vulnerability."
CVSS 8.8
CVE-2021-31166 PATCHAPALOOZA CRITICAL WORKING POC
Windows IIS HTTP Protocol Stack DOS
HTTP Protocol Stack Remote Code Execution Vulnerability
CVSS 9.8