andikahilmy

165 exploits Active since Aug 2013
CVE-2020-9548 NOMISEC CRITICAL WORKING POC
jackson-databind 2.0.0-2.7.9.7 - Deserialization of Untrusted Data via anteros-core Gadget
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
CVSS 9.8
CVE-2020-36184 NOMISEC HIGH WORKING POC
Netapp Cloud Backup < 21.1.2 - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
CVSS 8.1
CVE-2020-36179 NOMISEC HIGH WORKING POC
Oracle JD Edwards Enterpriseone Tools - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
CVSS 8.1
CVE-2020-36185 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via SharedPoolDataSource
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
CVSS 8.1
CVE-2020-36181 NOMISEC HIGH WORKING POC
Netapp Service Level Manager < 21.1.2 - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
CVSS 8.1
CVE-2020-36518 NOMISEC HIGH STUB
jackson-databind < 2.13.0 - Denial of Service via Nested Object Depth
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CVSS 7.5
CVE-2020-7692 NOMISEC HIGH STUB
Google OAuth Client Library for Java < 1.31.0 - Incorrect Authorization via Missing PKCE Implementation
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.
CVSS 7.4
CVE-2020-36182 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVSS 8.1
CVE-2020-36183 NOMISEC HIGH WRITEUP
FasterXML jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
CVSS 8.1
CVE-2020-25649 NOMISEC HIGH STUB
jackson-databind 2.6.0-2.6.7.3 - XML External Entity Injection
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
CVSS 7.5
CVE-2020-1695 NOMISEC HIGH WRITEUP
Resteasy 3.0.0-3.11.9 and 4.0.0-4.5.9 - HTTP Response Header Injection via Improper Input Validation
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
CVSS 7.5
CVE-2020-26217 NOMISEC HIGH STUB
XStream < 1.4.14 - Remote Code Execution via Blocklist Bypass
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
CVSS 8.0
CVE-2020-13959 NOMISEC MEDIUM WRITEUP
Apache Velocity Tools < 3.1 - Cross-Site Scripting via URL vm File Parameter
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks.
CVSS 6.1
CVE-2020-14061 NOMISEC HIGH WORKING POC
jackson-databind 2.9.0-2.9.10.4 - Deserialization of Untrusted Data via Oracle AQjms Gadgets
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
CVSS 8.1
CVE-2020-11619 NOMISEC HIGH WORKING POC
jackson-databind 2.9.0-2.9.10.3 - Deserialization of Untrusted Data via spring-aop MethodLocatingFactoryBean
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
CVSS 8.1
CVE-2020-11113 NOMISEC HIGH WORKING POC
FasterXML Jackson-Databind <2.9.10.4 - Code Injection
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
CVSS 8.8
CVE-2020-14060 NOMISEC HIGH WORKING POC
jackson-databind 2.9.0-2.9.10.4 - Deserialization of Untrusted Data via apache/drill JNDIConnectionPool
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
CVSS 8.1
CVE-2020-14195 NOMISEC HIGH WORKING POC
jackson-databind 2.9.0-2.9.10.4 - Deserialization of Untrusted Data via org.jsecurity.realm.jndi.JndiRealmFactory
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
CVSS 8.1
CVE-2020-15250 NOMISEC MEDIUM STUB
JUnit4 4.7-4.13 - Local Information Disclosure via TemporaryFolder Rule
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.
CVSS 4.4
CVE-2020-24616 NOMISEC HIGH WORKING POC
FasterXML jackson-databind <2.9.10.6 - RCE
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
CVSS 8.1
CVE-2020-24750 NOMISEC HIGH WORKING POC
jackson-databind 2.0.0-2.9.10.5 - Deserialization of Untrusted Data via JndiConfiguration
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
CVSS 8.1
CVE-2020-11620 NOMISEC HIGH WORKING POC
jackson-databind 2.9.0-2.9.10.3 - Deserialization of Untrusted Data via commons-jelly Gadget
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
CVSS 8.1
CVE-2020-14062 NOMISEC HIGH WORKING POC
FasterXML jackson-databind 2.9.0-2.9.10.4 - Deserialization of Untrusted Data via xalan2 JNDIConnectionPool
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
CVSS 8.1
CVE-2020-26258 NOMISEC MEDIUM STUB
XStream <1.4.15 - Server-Side Request Forgery via XML Unmarshalling
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, a Server-Side Forgery Request vulnerability can be activated when unmarshalling. The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist if running Java 15 or higher. No user is affected who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.
CVSS 6.3
CVE-2020-10968 NOMISEC HIGH WORKING POC
FasterXML Jackson-Databind <2.9.10.4 - Code Injection
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
CVSS 8.8