BlackFan

8 exploits Active since Jul 2012
CVE-2019-0219 GITHUB CRITICAL WORKING POC
Cordova InAppBrowser < 3.0.0 - Arbitrary JavaScript Execution via gap-iab URI
A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI.
21 stars
CVSS 9.8
CVE-2016-6716 GITHUB MEDIUM WORKING POC
Android < 7.0 - Privilege Escalation via Launcher Shortcut Creation
An elevation of privilege vulnerability in the AOSP Launcher in Android 7.0 before 2016-11-01 could allow a local malicious application to create shortcuts that have elevated privileges without the user's consent. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Android ID: A-30778130.
21 stars
CVSS 5.5
CVE-2018-11784 GITHUB MEDIUM WRITEUP
Apache Tomcat 7.0.23-7.0.90, 8.5.0-8.5.33, 9.0.0.M1-9.0.11 - Open Redirect via Default Servlet
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice.
21 stars
CVSS 4.3
CVE-2012-3365 GITHUB WORKING POC
PHP < 5.3.15 - open_basedir Protection Bypass via SQLite Functionality
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors.
21 stars
CVE-2015-1164 GITHUB WRITEUP
serve-static <1.7.2 - Open Redirect
Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.
21 stars
CVE-2016-4975 GITHUB MEDIUM WRITEUP
Apache HTTP Server <2.4.24, <2.2.32 - CRLF Injection
Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).
21 stars
CVSS 6.1
CVE-2019-8331 NOMISEC MEDIUM WRITEUP
Bootstrap < 3.4.1 and 4.3.x < 4.3.1 - Cross-Site Scripting via Tooltip or Popover Data-Template Attribute
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVSS 6.1
CVE-2018-15133 NOMISEC HIGH WORKING POC
Laravel Framework < 5.5.40 and 5.6.x < 5.6.30 - Remote Code Execution via Unserialize of X-XSRF-TOKEN
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
CVSS 8.1