AleWong - Security Researcher - Exploit Intelligence Platform

CVE-2019-11043 NOMISEC HIGH SCANNER

PHP 7.1.x < 7.1.33, 7.2.x < 7.2.24, 7.3.x < 7.3.11 - Remote Code Execution via FPM Buffer Overflow

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

4 stars

CVSS 8.7

View Code

CVE-2019-15107 NOMISEC CRITICAL WORKING POC

Webmin <= 1.920 - OS Command Injection via password_change.cgi Old Parameter

An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.

3 stars

CVSS 9.8

View Code

CVE-2019-17558 METASPLOIT HIGH ruby WORKING POC

Apache Solr 5.0.0-8.3.1 - Remote Code Execution via Velocity Template Injection

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).

CVSS 7.5

View Code

CVE-2019-17558 EXPLOITDB HIGH ruby WORKING POC

Apache Solr 5.0.0-8.3.1 - Remote Code Execution via Velocity Template Injection

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).

CVSS 7.5

View Code