andikahilmy

165 exploits Active since Aug 2013
CVE-2019-17531 NOMISEC CRITICAL WORKING POC
Fasterxml Jackson-databind < 2.6.7.3 - Insecure Deserialization
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
CVSS 9.8
CVE-2018-19362 NOMISEC CRITICAL WORKING POC
FasterXML jackson-databind <2.9.8 - Use After Free
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
CVSS 9.8
CVE-2017-9801 NOMISEC HIGH WRITEUP
Apache Commons Email <1.5 - Info Disclosure
When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers.
CVSS 7.5
CVE-2018-1000125 NOMISEC CRITICAL WORKING POC
inversoft prime-jwt <1.3.0 - Info Disclosure
inversoft prime-jwt versions prior to 1.3.0 or prior to commit 0d94dcef0133d699f21d217e922564adbb83a227 contain an input validation vulnerability in JWTDecoder.decode that can result in a JWT that is decoded and thus implicitly validated even if it lacks a valid signature. This attack appears to be exploitable via an attacker crafting a token with a valid header and body and then requesting that it be validated. This vulnerability appears to have been fixed in 1.3.0 and later or after commit 0d94dcef0133d699f21d217e922564adbb83a227.
CVSS 9.8
CVE-2018-1000531 NOMISEC HIGH WORKING POC
Inversoft Prime-jwt < 1.3.0 - Improper Input Validation
inversoft prime-jwt versions prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contain a CWE-20 vulnerability in JWTDecoder.decode that can result in incorrect signature validation of a JWT token. This attack can be exploitable when an attacker crafts a JWT token with a valid header using 'none' as the algorithm and a body, and then requests that it be validated. This vulnerability was fixed after commit abb0d479389a2509f939452a6767dc424bb5e6ba.
CVSS 7.5
CVE-2018-1000822 NOMISEC CRITICAL WORKING POC
codelibs fess <faa265b - XSS
codelibs fess before commit faa265b contains an XML External Entity (XXE) vulnerability in the GSA XML file parser that can result in disclosure of confidential data, denial of service, SSRF, and port scanning. This attack appears to be exploitable via specially crafted GSA XML files. This vulnerability appears to have been fixed after commit faa265b.
CVSS 10.0
CVE-2018-1000844 NOMISEC CRITICAL WRITEUP
Squareup Retrofit < 2.5.0 - XXE
Square Open Source Retrofit prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains an XML External Entity (XXE) vulnerability in JAXB that an attacker could use to remotely read files from the file system or to perform SSRF. This vulnerability appears to have been fixed after commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437.
CVSS 9.1
CVE-2018-1000873 NOMISEC MEDIUM WRITEUP
Fasterxml Jackson <2.9.8 - DoS
Fasterxml Jackson before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CVSS 6.5
CVE-2018-1002200 NOMISEC MEDIUM WRITEUP
Plexus-archiver <3.6.0 - Path Traversal
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 5.5
CVE-2018-1002201 NOMISEC MEDIUM WRITEUP
zt-zip <1.13 - Path Traversal
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 5.5
CVE-2018-10936 NOMISEC HIGH WRITEUP
postgresql-jdbc <42.2.5 - SSL Man-In-The-Middle
A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.
CVSS 8.1
CVE-2018-1114 NOMISEC MEDIUM WRITEUP
Undertow - File Handler Leak
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized, which can exhaust the available file descriptors. This leads to a file handler leak.
CVSS 6.5
CVE-2018-11307 NOMISEC CRITICAL WORKING POC
Fasterxml Jackson-databind < 2.6.7.3 - Insecure Deserialization
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
CVSS 9.8
CVE-2018-11771 NOMISEC MEDIUM STUB
Apache Commons Compress < 1.17.0 - Infinite Loop
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.
CVSS 5.5
CVE-2018-12022 NOMISEC HIGH WORKING POC
FasterXML jackson-databind <2.7.9.4, 2.8.11.2, 2.9.6 - Code Injection
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
CVSS 7.5
CVE-2018-12023 NOMISEC HIGH WORKING POC
FasterXML jackson-databind <2.7.9.4-2.8.11.2-2.9.6 - Code Injection
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
CVSS 7.5
CVE-2018-12537 NOMISEC MEDIUM STUB
Eclipse Vert.x <3.5.1 - Code Injection
In Eclipse Vert.x versions 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allows unfiltered values to inject a new header in the client request or server response.
CVSS 5.3
CVE-2018-12540 NOMISEC HIGH WORKING POC
Eclipse Vert.x <3.5.2 - CSRF
In versions 3.0.0 to 3.5.2 of Eclipse Vert.x, the CSRFHandler does not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.
CVSS 8.8
CVE-2018-12541 NOMISEC MEDIUM WRITEUP
Eclipse Vert.x <3.5.3 - Memory Corruption
In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full HTTP request before doing the handshake, holding the entire request body in memory. There should be a reasonable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.
CVSS 6.5
CVE-2018-12542 NOMISEC CRITICAL WORKING POC
Eclipse Vert.x <3.5.3 - Path Traversal
In versions 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems.
CVSS 9.8
CVE-2018-12544 NOMISEC CRITICAL WORKING POC
Eclipse Vert.x <3.5.4 - SSRF
In versions 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is used exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
CVSS 9.8
CVE-2018-1273 NOMISEC CRITICAL STUB
Pivotal Software Spring Data Commons < 1.12.10 - Code Injection
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding that can lead to a remote code execution attack.
CVSS 9.8
CVE-2018-1274 NOMISEC HIGH STUB
Pivotal Software Spring Data Commons < 1.13.11 - Resource Allocation Without Limits
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
CVSS 7.5
CVE-2018-1306 NOMISEC HIGH WORKING POC
Apache Pluto < 3.0.1 - Information Disclosure
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.
CVSS 7.5
CVE-2018-1324 NOMISEC MEDIUM STUB
Apache Commons Compress < 1.15 - Infinite Loop
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.
CVSS 5.5