wetw0rk

19 exploits Active since Dec 2017
CVE-2020-8012 NOMISEC CRITICAL WORKING POC
Broadcom Unified Infrastructure Management < 9.20 - Remote Code Execution via Buffer Overflow in Robot Component
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.
75 stars
CVSS 9.8
CVE-2019-1003000 NOMISEC HIGH WORKING POC
Jenkins Script Security Plugin < 1.50 - Sandbox Bypass Remote Code Execution
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
75 stars
CVSS 8.8
CVE-2018-1999002 NOMISEC HIGH WORKING POC
Jenkins <2.132, <2.121.1 - Info Disclosure
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.
75 stars
CVSS 7.5
CVE-2017-17099 NOMISEC HIGH WORKING POC
Flexense SyncBreeze Enterprise <10.1.16 - Buffer Overflow
There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows SYSTEM account.
75 stars
CVSS 7.8
CVE-2016-10709 NOMISEC HIGH WORKING POC
pfSense < 2.2.6 - Authenticated OS Command Injection via Graph Parameter
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
75 stars
CVSS 8.8
CVE-2018-1999002 NOMISEC HIGH WORKING POC
Jenkins <2.132, <2.121.1 - Info Disclosure
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.
CVSS 7.5
CVE-2019-1003000 NOMISEC HIGH WORKING POC
Jenkins Script Security Plugin < 1.50 - Sandbox Bypass Remote Code Execution
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
CVSS 8.8
CVE-2019-1003000 NOMISEC HIGH WORKING POC
Jenkins Script Security Plugin < 1.50 - Sandbox Bypass Remote Code Execution
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
CVSS 8.8
CVE-2018-1999002 NOMISEC HIGH WORKING POC
Jenkins <2.132, <2.121.1 - Info Disclosure
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.
CVSS 7.5
CVE-2018-25323 EXPLOITDB HIGH python WORKING POC
Allok AVI DivX MPEG to DVD Converter 2.6.1217 Buffer Overflow SEH
Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a text file with a specially crafted buffer containing shellcode and SEH chain overwrite values, then paste the contents into the License Name field to trigger code execution.
CVSS 8.4
CVE-2020-8010 METASPLOIT CRITICAL ruby WORKING POC
CA Unified Infrastructure Management Nimsoft 7.80 - Remote Buffer Overflow
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
CVSS 9.8
CVE-2017-18047 EXPLOITDB CRITICAL python WORKING POC
LabF nfsAxe 3.7 - Buffer Overflow via Long FTP Reply
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.
CVSS 9.8
CVE-2018-1999002 EXPLOITDB HIGH python WORKING POC
Jenkins <2.132, <2.121.1 - Info Disclosure
A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.
CVSS 7.5
CVE-2017-17099 EXPLOITDB HIGH ruby WORKING POC
Flexense SyncBreeze Enterprise <10.1.16 - Buffer Overflow
There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and execute a payload that would run under the Windows SYSTEM account.
CVSS 7.8
CVE-2017-14742 EXPLOITDB CRITICAL python WORKING POC
LabF nfsAxe FTP client 3.7 - Remote Code Execution via Buffer Overflow
Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely.
CVSS 9.8
CVE-2020-8012 METASPLOIT CRITICAL ruby WORKING POC
Broadcom Unified Infrastructure Management < 9.20 - Remote Code Execution via Buffer Overflow in Robot Component
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.
CVSS 9.8
CVE-2020-8012 EXPLOITDB CRITICAL c WORKING POC
Broadcom Unified Infrastructure Management < 9.20 - Remote Code Execution via Buffer Overflow in Robot Component
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code.
CVSS 9.8
EIP-2026-118085 EXPLOITDB python WORKING POC
VX Search 10.2.14 - 'Proxy' Local Buffer Overflow (SEH)
CVE-2019-1003000 EXPLOITDB HIGH python WORKING POC
Jenkins Script Security Plugin < 1.50 - Sandbox Bypass Remote Code Execution
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
CVSS 8.8