Jarad Kopf

3 exploits Active since Jun 2019
CVE-2019-11080 WRITEUP HIGH WRITEUP
Sitecore Experience Platform < 9.1.1 - Authenticated Remote Code Execution via Deserialization
Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.
CVSS 8.8
CVE-2019-15637 EXPLOITDB HIGH python WORKING POC
Tableau Server 10.5-10.5.17 - XML External Entity Injection via Workbook
Numerous Tableau products are vulnerable to XXE via a malicious workbook, extension, or data source, leading to information disclosure or a DoS. This affects Tableau Server, Tableau Desktop, Tableau Reader, and Tableau Public Desktop.
CVSS 8.1
CVE-2019-11080 EXPLOITDB HIGH text WRITEUP
Sitecore Experience Platform < 9.1.1 - Authenticated Remote Code Execution via Deserialization
Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.
CVSS 8.8