orf53975

2 exploits Active since May 2015

CVE-2018-8174 NOMISEC HIGH WRITEUP

Windows VBScript Engine - Remote Code Execution via Memory Object Handling

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

1 stars

CVSS 7.5

View Code

CVE-2015-3456 NOMISEC WORKING POC

QEMU < 2.3.0 - Memory Corruption via Floppy Disk Controller Commands

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.

View Code