YutuSec

4 exploits Active since Jun 2016
CVE-2016-3088 NOMISEC CRITICAL WORKING POC
ActiveMQ web shell upload
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
19 stars
CVSS 9.8
CVE-2021-45232 NOMISEC CRITICAL WORKING POC
Apache APISIX Dashboard < 2.10.1 - Missing Authentication
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks, introducing the `droplet` framework on top of the `gin` framework. All APIs and the authentication middleware are developed on `droplet`, but some APIs directly use the `gin` interface and thus bypass authentication.
7 stars
CVSS 9.8
CVE-2020-13945 NOMISEC MEDIUM WORKING POC
Apache APISIX <1.6 - Privilege Escalation
In Apache APISIX, when the user has enabled the Admin API and deleted the Admin API access IP restriction rules, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.
7 stars
CVSS 6.5
CVE-2022-22947 NOMISEC CRITICAL WORKING POC
Spring Cloud Gateway Remote Code Execution
In Spring Cloud Gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
6 stars
CVSS 10.0