dawetmaster

165 exploits Active since Aug 2013
CVE-2019-14540 NOMISEC CRITICAL WORKING POC
FasterXML jackson-databind <2.9.10 - Info Disclosure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVSS 9.8
CVE-2019-14892 NOMISEC CRITICAL
jackson-databind < 2.6.7.3 - Remote Code Execution via Polymorphic Deserialization
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
CVSS 9.8
CVE-2019-14893 NOMISEC CRITICAL WORKING POC
FasterXML jackson-databind < 2.9.10 - Remote Code Execution via Xalan JNDI Gadget Deserialization
A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
CVSS 9.8
CVE-2019-16335 NOMISEC CRITICAL WORKING POC
FasterXML jackson-databind <2.9.10 - Info Disclosure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
CVSS 9.8
CVE-2019-16942 NOMISEC CRITICAL STUB
jackson-databind 2.0.0-2.9.10 - Remote Code Execution via Polymorphic Typing
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
CVSS 9.8
CVE-2019-16943 NOMISEC CRITICAL STUB
jackson-databind 2.0.0-2.9.10 - Remote Code Execution via P6Spy Default Typing
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
CVSS 9.8
CVE-2019-17267 NOMISEC CRITICAL WORKING POC
FasterXML jackson-databind < 2.9.10 - Deserialization of Untrusted Data via EhcacheJtaTransactionManagerLookup
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
CVSS 9.8
CVE-2019-17531 NOMISEC CRITICAL WORKING POC
jackson-databind 2.0.0-2.9.10 - Remote Code Execution via Polymorphic Typing with Log4j JNDI
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
CVSS 9.8
CVE-2019-18393 NOMISEC MEDIUM STUB
Openfire < 4.4.2 - Path Traversal via PluginServlet.java
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.
CVSS 5.3
CVE-2019-18394 NOMISEC CRITICAL STUB
Ignite Realtime Openfire < 4.4.2 - Server-Side Request Forgery via FaviconServlet
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
CVSS 9.8
CVE-2019-20330 NOMISEC CRITICAL WORKING POC
Netapp Snapcenter < 2.7.9.7 - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CVSS 9.8
CVE-2020-10968 NOMISEC HIGH WORKING POC
FasterXML Jackson-Databind <2.9.10.4 - Code Injection
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
CVSS 8.8
CVE-2020-10969 NOMISEC HIGH WORKING POC
jackson-databind 2.7.0-2.7.9.6 - Deserialization of Untrusted Data via javax.swing.JEditorPane
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
CVSS 8.8
CVE-2020-11111 NOMISEC HIGH WORKING POC
FasterXML jackson-databind <2.9.10.4 - Code Injection
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
CVSS 8.8
CVE-2020-11112 NOMISEC HIGH WORKING POC
FasterXML jackson-databind <2.9.10.4 - RCE
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
CVSS 8.8
CVE-2020-11113 NOMISEC HIGH WORKING POC
FasterXML Jackson-Databind <2.9.10.4 - Code Injection
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
CVSS 8.8
CVE-2020-11619 NOMISEC HIGH WORKING POC
jackson-databind 2.9.0-2.9.10.3 - Deserialization of Untrusted Data via spring-aop MethodLocatingFactoryBean
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
CVSS 8.1
CVE-2020-11620 NOMISEC HIGH WORKING POC
jackson-databind 2.9.0-2.9.10.3 - Deserialization of Untrusted Data via commons-jelly Gadget
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
CVSS 8.1
CVE-2020-13959 NOMISEC MEDIUM WRITEUP
Apache Velocity Tools < 3.1 - Cross-Site Scripting via URL vm File Parameter
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks.
CVSS 6.1
CVE-2020-14060 NOMISEC HIGH WORKING POC
jackson-databind 2.9.0-2.9.10.4 - Deserialization of Untrusted Data via apache/drill JNDIConnectionPool
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
CVSS 8.1
CVE-2020-14061 NOMISEC HIGH WORKING POC
jackson-databind 2.9.0-2.9.10.4 - Deserialization of Untrusted Data via Oracle AQjms Gadgets
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
CVSS 8.1
CVE-2020-14062 NOMISEC HIGH WORKING POC
FasterXML jackson-databind 2.9.0-2.9.10.4 - Deserialization of Untrusted Data via xalan2 JNDIConnectionPool
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
CVSS 8.1
CVE-2020-14195 NOMISEC HIGH WORKING POC
jackson-databind 2.9.0-2.9.10.4 - Deserialization of Untrusted Data via org.jsecurity.realm.jndi.JndiRealmFactory
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
CVSS 8.1
CVE-2020-15250 NOMISEC MEDIUM STUB
JUnit4 4.7-4.13 - Local Information Disclosure via TemporaryFolder Rule
In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. This vulnerability impacts you if the JUnit tests write sensitive information, like API keys or passwords, into the temporary folder, and the JUnit tests execute in an environment where the OS has other untrusted users. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. For Java 1.7 and higher users: this vulnerability is fixed in 4.13.1. For Java 1.6 and lower users: no patch is available, you must use the workaround below. If you are unable to patch, or are stuck running on Java 1.6, specifying the `java.io.tmpdir` system environment variable to a directory that is exclusively owned by the executing user will fix this vulnerability. For more information, including an example of vulnerable code, see the referenced GitHub Security Advisory.
CVSS 4.4
CVE-2020-1695 NOMISEC HIGH WRITEUP
Resteasy 3.0.0-3.11.9 and 4.0.0-4.5.9 - HTTP Response Header Injection via Improper Input Validation
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
CVSS 7.5