AleWong - Security Researcher - Exploit Intelligence Platform

CVE-2019-11043 NOMISEC HIGH SCANNER

Php < 7.1.33 - Out-of-Bounds Write

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

4 stars

CVSS 8.7

View Code

CVE-2019-15107 NOMISEC CRITICAL WORKING POC

Webmin < 1.920 - OS Command Injection

An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.

3 stars

CVSS 9.8

View Code

CVE-2019-17558 METASPLOIT HIGH ruby WORKING POC

Apache Solr < 7.7.3 - Injection

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).

CVSS 7.5

View Code

CVE-2019-17558 EXPLOITDB HIGH ruby WORKING POC

Apache Solr < 7.7.3 - Injection

Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).

CVSS 7.5

View Code