rayngnpc

3 exploits Active since May 2022
CVE-2024-49019 NOMISEC HIGH WRITEUP
Active Directory Certificate Services - Privilege Escalation
Active Directory Certificate Services Elevation of Privilege Vulnerability
3 stars
CVSS 7.8
CVE-2024-4577 NOMISEC CRITICAL WRITEUP
PHP CGI Argument Injection Remote Code Execution
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
CVSS 9.8
CVE-2022-26923 NOMISEC HIGH WRITEUP
Active Directory Certificate Services (ADCS) privilege escalation (Certifried)
Active Directory Domain Services Elevation of Privilege Vulnerability
CVSS 8.8