nobodyatall648

8 exploits Active since May 2003
CVE-2019-1388 NOMISEC HIGH WRITEUP
Windows Certificate Dialog - Privilege Escalation
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
20 stars
CVSS 7.8
CVE-2011-2523 NOMISEC CRITICAL WORKING POC
vsftpd 2.3.4 - Backdoor Command Execution
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
3 stars
CVSS 9.8
CVE-2021-46422 NOMISEC CRITICAL WORKING POC
Telesquare SDT-CW3B1 1.1.0 - Command Injection
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
1 stars
CVSS 9.8
CVE-2021-3156 NOMISEC HIGH SCANNER
Sudo Heap-Based Buffer Overflow
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
1 stars
CVSS 7.8
CVE-2019-12744 NOMISEC HIGH WORKING POC
seeddms < 5.1.11 - Remote Command Execution via Unvalidated PHP File Upload
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.
1 stars
CVSS 7.5
CVE-2019-6340 NOMISEC HIGH WORKING POC
Drupal 7.0.0-7.61.0 8.5.0-8.5.10 8.6.0-8.6.9 - Remote Code Execution via Unsanitized Field Data
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
CVSS 8.1
CVE-2009-0182 NOMISEC HIGH WORKING POC
VUPlayer < 2.49 - Buffer Overflow via Long URL in .pls File
Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line.
CVSS 8.8
CVE-2003-0264 NOMISEC WORKING POC
SLMail 5.1.0.4420 - Buffer Overflow
Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server.