andikahilmy

165 exploits Active since Aug 2013
CVE-2020-24616 NOMISEC HIGH WORKING POC
FasterXML jackson-databind <2.9.10.6 - RCE
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
CVSS 8.1
CVE-2020-25649 NOMISEC HIGH STUB
Fasterxml Jackson-databind < 2.6.7.4 - XXE
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
CVSS 7.5
CVE-2020-26217 NOMISEC HIGH STUB
Xstream < 1.4.14 - OS Command Injection
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
CVSS 8.0
CVE-2020-10969 NOMISEC HIGH WORKING POC
FasterXML Jackson <2.9.10.4 - RCE
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
CVSS 8.8
CVE-2019-0201 NOMISEC MEDIUM STUB
Apache Activemq < 3.4.13 - Missing Authorization
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
CVSS 5.9
CVE-2019-18393 NOMISEC MEDIUM STUB
Igniterealtime Openfire < 4.4.2 - Path Traversal
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
CVSS 5.3
CVE-2019-17531 NOMISEC CRITICAL WORKING POC
Fasterxml Jackson-databind < 2.6.7.3 - Insecure Deserialization
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
CVSS 9.8
CVE-2019-18394 NOMISEC CRITICAL STUB
Igniterealtime Openfire < 4.4.2 - SSRF
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
CVSS 9.8
CVE-2019-16943 NOMISEC CRITICAL STUB
Fasterxml Jackson-databind < 2.6.7.3 - Insecure Deserialization
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
CVSS 9.8
CVE-2019-17267 NOMISEC CRITICAL WORKING POC
Fasterxml Jackson-databind < 2.8.11.5 - Insecure Deserialization
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
CVSS 9.8
CVE-2019-20330 NOMISEC CRITICAL WORKING POC
Netapp Snapcenter < 2.7.9.7 - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CVSS 9.8
CVE-2019-14893 NOMISEC CRITICAL WORKING POC
Fasterxml Jackson-databind < 2.8.11.5 - Information Disclosure
A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
CVSS 9.8
CVE-2019-14892 NOMISEC CRITICAL
Fasterxml Jackson-databind < 2.6.7.3 - Information Disclosure
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
CVSS 9.8
CVE-2019-16335 NOMISEC CRITICAL WORKING POC
FasterXML jackson-databind <2.9.10 - Info Disclosure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
CVSS 9.8
CVE-2019-16942 NOMISEC CRITICAL STUB
Fasterxml Jackson-databind < 2.6.7.3 - Insecure Deserialization
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
CVSS 9.8
CVE-2019-14540 NOMISEC CRITICAL WORKING POC
FasterXML jackson-databind <2.9.10 - Info Disclosure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVSS 9.8
CVE-2019-12402 NOMISEC HIGH WRITEUP
Apache Commons Compress <1.19 - DoS
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
CVSS 7.5
CVE-2019-12400 NOMISEC MEDIUM WORKING POC
Apache Santuario XML Security for Java <2.0.3 - Info Disclosure
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.
CVSS 5.5
CVE-2019-12814 NOMISEC MEDIUM WORKING POC
Fasterxml Jackson-databind < 2.6.7.3 - Insecure Deserialization
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
CVSS 5.9
CVE-2019-12086 NOMISEC HIGH WORKING POC
FasterXML jackson-databind <2.9.9 - Code Injection
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
CVSS 7.5
CVE-2019-14379 NOMISEC CRITICAL WORKING POC
FasterXML Jackson <2.9.9.2 - RCE
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
CVSS 9.8
CVE-2019-12384 NOMISEC MEDIUM WORKING POC
FasterXML jackson-databind <2.9.9.1 - Deserialization
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
CVSS 5.9
CVE-2019-1003000 NOMISEC HIGH WRITEUP
Script Security Plugin <1.49 - RCE
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
CVSS 8.8
CVE-2019-1003010 NOMISEC MEDIUM WRITEUP
Jenkins Git Plugin <3.9.1 - CSRF
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.
CVSS 4.3
CVE-2019-14439 NOMISEC HIGH WORKING POC
FasterXML jackson-databind <2.9.9.2 - Info Disclosure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
CVSS 7.5