Craig

4 exploits Active since Jun 2000
CVE-2022-22965 NOMISEC CRITICAL WORKING POC
Spring Framework - Remote Code Execution via Data Binding
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
13 stars
CVSS 9.8
CVE-2022-22965 VULNCHECK_XDB CRITICAL WORKING POC
Spring Framework - Remote Code Execution via Data Binding
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CVSS 9.8
CVE-2000-1033 EXPLOITDB java WORKING POC
Serv-U FTP Server - Unauthenticated Password Guessing Bypass via Anti-Hammering Feature
Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users.
CVE-2000-0501 EXPLOITDB text WORKING POC
MDaemon 2.8.5.0 - Denial of Service via UIDL Command Race Condition
Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server.