dannyEndorTest

11 exploits Active since Mar 2013
CVE-2013-1814 NOMISEC STUB
Apache Rave 0.11-0.20 - Authenticated Sensitive Information Exposure via User RPC API
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
CVE-2018-21268 NOMISEC CRITICAL WORKING POC
traceroute < 1.0.0 - Remote Command Injection via Host Parameter
The traceroute (aka node-traceroute) package through 1.0.0 for Node.js allows remote command injection via the host parameter. This occurs because the Child.exec() method, which is considered to be not entirely safe, is used. In particular, an OS command can be placed after a newline character.
CVSS 10.0
CVE-2016-0714 NOMISEC HIGH WORKING POC
Apache Tomcat <6.0.45-9.0.0.M2 - Privilege Escalation
The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
CVSS 8.8
CVE-2023-29401 NOMISEC MEDIUM WORKING POC
Context.FileAttachment - Info Disclosure
The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of "setup.bat&quot;;x=.txt" will be sent as a file named "setup.bat". If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header.
CVSS 4.3
CVE-2024-10821 NOMISEC HIGH STUB
InvokeAI v5.0.1 - Unauthenticated Denial of Service via Multipart Boundary Processing
A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server (version v5.0.1) allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and a complete denial of service for all users. The affected endpoint is `/api/v1/images/upload`.
CVSS 7.5
CVE-2024-12886 NOMISEC HIGH STUB
ollama 0.3.14 - Denial of Service via Gzip Bomb HTTP Response
An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnerability is present in the `makeRequestWithRetry` and `getAuthorizationToken` functions, which use `io.ReadAll` to read the response body. This can result in excessive memory usage and a Denial of Service (DoS) condition.
CVSS 7.5
CVE-2021-23797 NOMISEC HIGH STUB
http-server-node - Path Traversal via --path-as-is
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is.
CVSS 7.5
CVE-2020-7602 NOMISEC CRITICAL WORKING POC
node-prompt-here <= 1.0.1 - OS Command Injection via getDevices Function
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called by "getDevices()" function in file "linux/manager.js", which is required by the "index. process.env.NM_CLI" in the file "linux/manager.js". This function is used to construct the argument of function "execSync()", which can be controlled by users without any sanitization.
CVSS 9.8
CVE-2024-10821 NOMISEC HIGH STUB
InvokeAI v5.0.1 - Unauthenticated Denial of Service via Multipart Boundary Processing
A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of the Invoke-AI server (version v5.0.1) allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and a complete denial of service for all users. The affected endpoint is `/api/v1/images/upload`.
CVSS 7.5
CVE-2024-12886 NOMISEC HIGH STUB
ollama 0.3.14 - Denial of Service via Gzip Bomb HTTP Response
An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnerability is present in the `makeRequestWithRetry` and `getAuthorizationToken` functions, which use `io.ReadAll` to read the response body. This can result in excessive memory usage and a Denial of Service (DoS) condition.
CVSS 7.5
CVE-2018-15747 NOMISEC CRITICAL
glot-www < 2018-05-19 - Remote Code Execution via Python Files Content JSON
The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a "python" "files" "content" JSON file.
CVSS 9.8