Roland Heimpoldinger

2 exploits Active since Sep 2019

CVE-2020-7247 NOMISEC CRITICAL WORKING POC

OpenSMTPD 6.6 - Remote Code Execution via MAIL FROM Field

smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.

5 stars

CVSS 9.8

View Code

CVE-2019-8449 NOMISEC MEDIUM WORKING POC

Jira < 8.4.0 - Information Disclosure via Group User Picker Endpoint

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote attackers to enumerate usernames via an information disclosure vulnerability.

2 stars

CVSS 5.3

View Code