Alvaro Muñoz

12 exploits Active since Aug 2017
CVE-2020-10199 NOMISEC HIGH WORKING POC
Nexus Repository Manager Java EL Injection RCE
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
CVSS 8.8
CVE-2021-41269 WRITEUP CRITICAL WRITEUP
cron-utils < 9.1.6 - Unauthenticated Remote Code Execution via Java EL Expression Injection
cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions A template Injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. Versions up to 9.1.2 are susceptible to this vulnerability. Please note, that only projects using the @Cron annotation to validate untrusted Cron expressions are affected. The issue was patched and a new version was released. Please upgrade to version 9.1.6. There are no known workarounds known.
CVSS 10.0
CVE-2019-18935 METASPLOIT CRITICAL ruby WORKING POC
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
CVSS 9.8
CVE-2019-0230 METASPLOIT CRITICAL ruby WORKING POC
Apache Struts 2.0.0-2.5.20 - Remote Code Execution via Forced Double OGNL Evaluation
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
CVSS 9.8
CVE-2022-42889 METASPLOIT CRITICAL ruby WORKING POC
Apache Commons Text 1.5-1.9 - Remote Code Execution via String Interpolation
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
CVSS 9.8
CVE-2020-17530 METASPLOIT CRITICAL ruby WORKING POC
Apache Struts 2 Forced Multi OGNL Evaluation
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
CVSS 9.8
CVE-2017-11317 METASPLOIT CRITICAL ruby WORKING POC
Telerik UI for ASP.NET AJAX < 2017.1.118 - Remote Code Execution via Weak RadAsyncUpload Encryption
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
CVSS 9.8
CVE-2021-38294 METASPLOIT CRITICAL ruby WORKING POC
Apache Storm <2.2.1, <1.2.4 - Command Injection
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
CVSS 9.8
CVE-2023-49070 METASPLOIT CRITICAL ruby WORKING POC
Apache OFBiz < 18.12.10 - Unauthenticated Remote Code Execution via XML-RPC
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10
CVSS 9.8
CVE-2020-10199 METASPLOIT HIGH ruby WORKING POC
Nexus Repository Manager Java EL Injection RCE
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
CVSS 8.8
CVE-2020-10199 EXPLOITDB HIGH ruby WORKING POC
Nexus Repository Manager Java EL Injection RCE
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
CVSS 8.8
CVE-2020-10199 EXPLOITDB HIGH python WORKING POC
Nexus Repository Manager Java EL Injection RCE
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
CVSS 8.8