Matt Moore

17 exploits Active since Jul 2002
CVE-2022-35929 WRITEUP HIGH WRITEUP
sigstore cosign < 1.10.1 - Improper Verification of Cryptographic Signature via Attestation Type Check
cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. `cosign verify-attestation` used with the `--type` flag will report a false positive verification when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (--type defaults to "custom"). This can happen when signing with a standard keypair and with "keyless" signing with Fulcio. This vulnerability can be reproduced with the `distroless.dev/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2` image. This image has a `vuln` attestation but not an `spdx` attestation. However, if you run `cosign verify-attestation --type=spdx` on this image, it incorrectly succeeds. This issue has been addressed in version 1.10.1 of cosign. Users are advised to upgrade. There are no known workarounds for this issue.
CVSS 7.1
CVE-2022-35930 WRITEUP HIGH WRITEUP
PolicyController <0.2.1 - Info Disclosure
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (--type defaults to "custom"). An example image that can be used to test this is `ghcr.io/distroless/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2`. Users should upgrade to version 0.2.1 to resolve this issue. There are no workarounds for users unable to upgrade.
CVSS 7.1
CVE-2024-28110 WRITEUP HIGH WRITEUP
cloudevents/sdk-go < 2.15.2 - Credential Leak via http.DefaultClient Modification
Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When the transport is populated with an authenticated transport, then http.DefaultClient is modified with the authenticated transport and will start to send Authorization tokens to any endpoint it is used to contact. Version 2.15.2 patches this issue.
CVSS 7.5
CVE-2024-34079 WRITEUP LOW WRITEUP
octo-sts app < 0.1.0 - Denial of Service via Resource Consumption
octo-sts is a GitHub App that acts like a Security Token Service (STS) for the Github API. This vulnerability can spike the resource utilization of the STS service, and combined with a significant traffic volume could potentially lead to a denial of service. This vulnerability is fixed in 0.1.0
CVSS 3.7
EIP-2026-119350 EXPLOITDB text WRITEUP
Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting
CVE-2002-0893 EXPLOITDB text WORKING POC
NewAtlanta ServletExec ISAPI 4.1 - Directory Traversal via URL-Encoded Dot-Dot Sequences
Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to read arbitrary files via a URL-encoded request to com.newatlanta.servletexec.JSP10Servlet containing "..%5c" (modified dot-dot) sequences.
CVE-2002-0892 EXPLOITDB text WRITEUP
NewAtlanta ServletExec ISAPI 4.1 - Info Disclosure
The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message.
CVE-2002-0708 EXPLOITDB text WRITEUP
SurfControl SuperScout WebFilter - Directory Traversal via Triple Dot Sequences
Directory traversal vulnerability in the Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to read arbitrary files via an HTTP request containing ... (triple dot) sequences.
CVE-2002-0709 EXPLOITDB text WRITEUP
SurfControl SuperScout WebFilter - SQL Injection via SimpleBar.dll RunReport Option
SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and possibly other DLLs.
CVE-2002-0665 EXPLOITDB text WORKING POC
Macromedia JRun - Unauthenticated Authentication Bypass via Extra Slash in URL
Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.
CVE-2002-0187 EXPLOITDB text WORKING POC
Microsoft SQL Server 2000 - Cross-Site Scripting via XML SQL Query Root Parameter
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
CVE-2002-0681 EXPLOITDB text WRITEUP
GoAhead Web Server 2.1 - Cross-Site Scripting via 404 Error Page
Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script.
CVE-2002-0680 EXPLOITDB text WRITEUP
GoAhead Web Server 2.1 - Directory Traversal via Encoded Dot-Dot Sequence
Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228.
CVE-2002-0894 EXPLOITDB c WORKING POC
NewAtlanta ServletExec ISAPI 4.1 - Denial of Service via Long JSP File Request
NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a denial of service (crash) via (1) a request for a long .jsp file, or (2) a long URL sent directly to com.newatlanta.servletexec.JSP10Servlet.
CVE-2002-0186 EXPLOITDB text WRITEUP
Microsoft SQL Server 2000 - Buffer Overflow via Long Content-Type Parameter in SQLXML ISAPI Extension
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
CVE-2002-0682 EXPLOITDB text WRITEUP
Apache Tomcat 4.0.3 - Cross-Site Scripting via Servlet Exception Handling
Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
CVE-2002-1178 EXPLOITDB text WORKING POC
Jetty HTTP Server < 4.1.0 - Directory Traversal via CGIServlet
Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.