andikahilmy

165 exploits Active since Aug 2013
CVE-2014-3488 NOMISEC WORKING POC
Netty < 3.9.2 - Denial of Service via SSLv2Hello Message
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
CVE-2014-0050 NOMISEC WRITEUP
Apache Commons FileUpload <1.3.1 - DoS
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
CVE-2013-6465 NOMISEC MEDIUM WRITEUP
JBPM KIE Workbench 6.0.x - Authenticated Cross-Site Scripting via Task Name HTML Input
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.
CVSS 5.4
CVE-2013-5960 NOMISEC WORKING POC
OWASP Enterprise Security API 2.0-2.1.0 - Authenticated Encryption Bypass via Ciphertext Tampering
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679.
CVE-2013-5679 NOMISEC WORKING POC
OWASP Enterprise Security API for Java 2.x < 2.1.0 - Authenticated-Encryption Bypass via Null MAC
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length.
CVE-2013-4517 NOMISEC WORKING POC
Apache Santuario XML Security for Java <1.5.6 - DoS
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
CVE-2013-2186 NOMISEC WRITEUP
Redhat Jboss Enterprise Brms Platform - Improper Input Validation
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
CVE-2013-2172 NOMISEC WORKING POC
Apache Santuario XML Security for Java <1.4.8/1.5.5 XML Signature Spoofing
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
CVE-2015-5253 NOMISEC STUB
Apache CXF <2.7.18, <3.0.7, <3.1.3 - Auth Bypass
The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."
CVE-2015-3271 NOMISEC MEDIUM STUB
Apache Tika Server < 1.10 - Exposure of Sensitive Information via HTTP fileUrl Header
Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header.
CVSS 5.3
CVE-2015-2913 NOMISEC MEDIUM STUB
OrientDB Server Community Edition <2.0.15 and 2.1.x <2.1.1 - Information Disclosure
server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.
CVSS 5.9
CVE-2015-2912 NOMISEC HIGH STUB
OrientDB Server Community Edition <2.0.15 & <2.1.x - CSRF
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.
CVSS 8.8
CVE-2015-2156 NOMISEC HIGH STUB
Netty Cookie HttpOnly Flag Bypass via Improper Input Validation
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.
CVSS 7.5
CVE-2014-7816 NOMISEC STUB
WildFly Directory Traversal
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
CVE-2014-3651 NOMISEC HIGH WRITEUP
Keycloak < 1.0.3 - Denial of Service via Large QR Code Size Parameter
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
CVSS 7.5