Scott Nicklous

2 exploits Active since Jun 2018
CVE-2018-1306 NOMISEC HIGH WORKING POC
Apache Pluto 3.0.0 - Exposure of Sensitive Information via File Upload Path Disclosure
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.
CVSS 7.5
CVE-2018-1306 NOMISEC HIGH WORKING POC
Apache Pluto 3.0.0 - Exposure of Sensitive Information via File Upload Path Disclosure
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.
CVSS 7.5