Medicean

14 exploits Active since Sep 2014
CVE-2017-1000117 NOMISEC HIGH WORKING POC
Malicious Git HTTP Server For CVE-2017-1000117
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
3 stars
CVSS 8.8
CVE-2017-8046 NOMISEC CRITICAL STUB
Spring Data REST < 2.6.9 and Spring Boot < 1.5.9 - Remote Code Execution via Malicious PATCH Request
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
1 stars
CVSS 9.8
CVE-2018-1273 NOMISEC CRITICAL STUB
Spring Data Commons < 1.13.11 - Unauthenticated Remote Code Execution via Property Binder
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
CVSS 9.8
CVE-2017-8917 NOMISEC CRITICAL STUB
Joomla! 3.7.x - SQL Injection
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 9.8
CVE-2016-8870 NOMISEC HIGH WORKING POC
Joomla! < 3.6.3 - Unauthenticated User Account Creation via UsersModelRegistration
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
CVSS 8.1
CVE-2016-10033 NOMISEC CRITICAL WORKING POC
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS 9.8
CVE-2017-1000117 NOMISEC HIGH WORKING POC
Malicious Git HTTP Server For CVE-2017-1000117
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
CVSS 8.8
CVE-2017-12615 NOMISEC HIGH STUB
Apache Tomcat 7.0.0-7.0.79 - Unauthenticated Remote Code Execution via JSP Upload
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVSS 8.1
CVE-2017-4971 NOMISEC MEDIUM STUB
Pivotal Spring Web Flow <2.4.4 - Info Disclosure
An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Applications that do not change the value of the MvcViewFactoryCreator useSpringBinding property which is disabled by default (i.e., set to 'false') can be vulnerable to malicious EL expressions in view states that process form submissions but do not have a sub-element to declare explicit data binding property mappings.
CVSS 5.9
CVE-2017-7529 NOMISEC HIGH STUB
nginx 0.5.6-1.13.2 - Integer Overflow in Range Filter Module
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
CVSS 7.5
CVE-2015-8103 NOMISEC CRITICAL STUB
Jenkins CLI RMI Java Deserialization Vulnerability
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
CVSS 9.8
CVE-2016-8869 NOMISEC CRITICAL WORKING POC
Joomla! <3.6.4 - Privilege Escalation
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
CVSS 9.8
CVE-2014-6271 NOMISEC CRITICAL WRITEUP
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS 9.8
CVE-2019-13970 WRITEUP MEDIUM WRITEUP
antsword < 2.1.0 - Self Cross-Site Scripting in Database Configuration
In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js.
CVSS 6.1