EXP-Docs

5 exploits Active since Sep 2019
CVE-2021-22192 NOMISEC CRITICAL WORKING POC
GitLab CE/EE <13.2 - Authenticated RCE
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server.
36 stars
CVSS 9.9
CVE-2020-13277 NOMISEC MEDIUM WORKING POC
GitLab CE/EE <13.0.5 - Info Disclosure
An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5
27 stars
CVSS 6.3
CVE-2020-13933 NOMISEC HIGH WORKING POC
Apache Shiro < 1.6.0 - Authentication Bypass
Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
14 stars
CVSS 7.5
CVE-2019-5475 NOMISEC HIGH WORKING POC
Sonatype Nexus Repository Manager < 2.14.9-01 - OS Command Injection
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
4 stars
CVSS 8.8
CVE-2019-15588 NOMISEC HIGH SUSPICIOUS
Sonatype Nexus Repository Manager < 2.14.14 - Command Injection
There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability.
CVSS 7.2