dawetmaster

165 exploits Active since Aug 2013
CVE-2018-14718 NOMISEC CRITICAL STUB
FasterXML Jackson <2.9.7 - Code Injection
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CVSS 9.8
CVE-2018-14719 NOMISEC CRITICAL STUB
FasterXML jackson-databind 2.0.0-2.6.7.2 - Remote Code Execution via BlazeDS Polymorphic Deserialization
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CVSS 9.8
CVE-2018-14720 NOMISEC CRITICAL STUB
FasterXML jackson-databind 2.6.0-2.6.7.1 - XML External Entity Injection via Polymorphic Deserialization
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
CVSS 9.8
CVE-2018-14721 NOMISEC CRITICAL STUB
FasterXML jackson-databind <2.9.7 - SSRF
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
CVSS 10.0
CVE-2018-17187 NOMISEC HIGH STUB
Apache Qpid Proton-J 0.3-0.29.0 - Improper Certificate Validation in TLS Transport Wrapper
The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise.
CVSS 7.4
CVE-2018-19360 NOMISEC CRITICAL WORKING POC
FasterXML jackson-databind <2.9.8 - Code Injection
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
CVSS 9.8
CVE-2018-19361 NOMISEC CRITICAL WORKING POC
FasterXML jackson-databind <2.9.8 - Deserialization
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
CVSS 9.8
CVE-2018-19362 NOMISEC CRITICAL WORKING POC
FasterXML jackson-databind <2.9.8 - Use After Free
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
CVSS 9.8
CVE-2018-20227 NOMISEC HIGH STUB
RDF4J < 2.5.0 - Path Traversal via ZIP Archive Entry
RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.
CVSS 7.5
CVE-2018-20318 NOMISEC CRITICAL STUB
.weixin-java-tools <3.2.0 - Info Disclosure
An issue was discovered in weixin-java-tools v3.2.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file.
CVSS 9.8
CVE-2018-5968 NOMISEC HIGH WORKING POC
FasterXML jackson-databind <2.8.11, 2.9.x<2.9.3 - RCE
FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
CVSS 8.1
CVE-2018-7489 NOMISEC CRITICAL WORKING POC
jackson-databind < 2.7.9.3, 2.8.0-2.8.11.1, < 2.9.5 - Remote Code Execution via Deserialization Bypass
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
CVSS 9.8
CVE-2018-8030 NOMISEC HIGH STUB
Apache Qpid Broker-J 7.0.0-7.0.4 - Denial of Service via Oversized AMQP Message
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 7.0.0-7.0.4 when AMQP protocols 0-8, 0-9 or 0-91 are used to publish messages with size greater than allowed maximum message size limit (100MB by default). The broker crashes due to the defect. AMQP protocols 0-10 and 1.0 are not affected.
CVSS 7.5
CVE-2018-9159 NOMISEC MEDIUM WORKING POC
sparkjava/spark < 2.7.2 - Path Traversal via File URL
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.
CVSS 5.3
CVE-2019-0201 NOMISEC MEDIUM STUB
Apache ZooKeeper 1.0.0-3.4.13 and 3.5.0-alpha-3.5.4-beta - Unauthenticated Information Disclosure via getACL() Command
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
CVSS 5.9
CVE-2019-1003000 NOMISEC HIGH WRITEUP
Jenkins Script Security Plugin < 1.50 - Sandbox Bypass Remote Code Execution
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
CVSS 8.8
CVE-2019-1003010 NOMISEC MEDIUM WRITEUP
Jenkins Git Plugin < 3.9.1 - Cross-Site Request Forgery in GitTagAction
A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.
CVSS 4.3
CVE-2019-10219 NOMISEC MEDIUM WRITEUP
Hibernate Validator < 6.0.18 - Cross-Site Scripting via SafeHtml Validator Annotation
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CVSS 6.1
CVE-2019-12086 NOMISEC HIGH WORKING POC
FasterXML jackson-databind <2.9.9 - Code Injection
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
CVSS 7.5
CVE-2019-12384 NOMISEC MEDIUM WORKING POC
FasterXML jackson-databind <2.9.9.1 - Deserialization
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
CVSS 5.9
CVE-2019-12400 NOMISEC MEDIUM WRITEUP
Apache Santuario XML Security for Java <2.0.3 - Info Disclosure
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.
CVSS 5.5
CVE-2019-12402 NOMISEC HIGH STUB
Apache Commons Compress <1.19 - DoS
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
CVSS 7.5
CVE-2019-12814 NOMISEC MEDIUM WORKING POC
jackson-databind 2.0.0-2.9.9 - Unauthenticated Arbitrary File Read via JDOM Polymorphic Typing
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
CVSS 5.9
CVE-2019-14379 NOMISEC CRITICAL WORKING POC
jackson-databind < 2.9.9.2 - Remote Code Execution via Default Typing with Ehcache
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
CVSS 9.8
CVE-2019-14439 NOMISEC HIGH WORKING POC
FasterXML jackson-databind <2.9.9.2 - Info Disclosure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
CVSS 7.5