Sebastian Neef

3 exploits Active since Sep 2019
CVE-2019-17671 EXPLOITDB MEDIUM WRITEUP
WordPress < 5.2.4 - Unauthenticated Exposure of Sensitive Information via Static Query Property
In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled.
CVSS 5.3
CVE-2019-10092 EXPLOITDB MEDIUM WRITEUP
Apache HTTP Server 2.4.0-2.4.39 - Cross-Site Scripting in mod_proxy Error Page
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
CVSS 6.1
CVE-2019-10098 EXPLOITDB MEDIUM WORKING POC
Apache HTTP Server 2.4.0-2.4.39 - Open Redirect via Encoded Newlines in mod_rewrite
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
CVSS 6.1