Arshan Dabirsiaghi

7 exploits Active since Aug 2009
CVE-2016-10006 NOMISEC MEDIUM WRITEUP
OWASP AntiSamy <1.5.5 - XSS
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.
CVSS 6.1
CVE-2016-10006 NOMISEC MEDIUM WORKING POC
OWASP AntiSamy <1.5.5 - XSS
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.
CVSS 6.1
CVE-2024-24569 WRITEUP MEDIUM WRITEUP
Pixee Java Code Security Toolkit <=1.1.1 - Path Traversal
The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard against path traversal, and have an exploit path. Although the control still prevents attackers from escaping the application path into higher-level directories (e.g., /etc/), it will allow "escaping" into sibling paths. For example, if your running path is /my/app/path, an attacker could navigate into /my/app/path-something-else. This vulnerability is patched in 1.1.2.
CVSS 5.4
CVE-2016-0792 METASPLOIT HIGH ruby WORKING POC
Jenkins XStream Groovy classpath Deserialization Vulnerability
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
CVSS 8.8
CVE-2009-2704 EXPLOITDB text WRITEUP
CA SiteMinder - XSS
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte).
CVE-2016-0792 EXPLOITDB HIGH ruby WORKING POC
Jenkins XStream Groovy classpath Deserialization Vulnerability
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando.
CVSS 8.8
CVE-2009-2705 EXPLOITDB text WRITEUP
CA SiteMinder - XSS
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.