omarelshopky - Security Researcher - Exploit Intelligence Platform

CVE-2024-2961 NOMISEC HIGH WORKING POC

GNU C Library <2.39 - Buffer Overflow

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

1 stars

CVSS 7.3

View Code

CVE-2023-26326 NOMISEC CRITICAL WORKING POC

BuddyForms <2.7.8 - Insecure Deserialization

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.

1 stars

CVSS 9.8

View Code

CVE-2023-26326 NOMISEC CRITICAL WORKING POC

BuddyForms <2.7.8 - Insecure Deserialization

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.

CVSS 9.8

View Code

CVE-2024-2961 VULNCHECK_XDB HIGH WORKING POC

GNU C Library <2.39 - Buffer Overflow

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

CVSS 7.3

View Code