forse01

7 exploits Active since Jun 2018
CVE-2020-17527 NOMISEC HIGH STUB
Apache Tomcat <10.0.0-M9, 9.0.39, 8.5.59 - Info Disclosure
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
2 stars
CVSS 7.5
CVE-2019-17638 NOMISEC CRITICAL SUSPICIOUS
Eclipse Jetty <9.4.29 - Use After Free
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this double release, two threads can acquire the same ByteBuffer from the pool and while thread1 is about to use the ByteBuffer to write response1 data, thread2 fills the ByteBuffer with other data. Thread1 then proceeds to write the buffer that now contains different data. This results in client1, which issued request1 seeing data from another request or response which could contain sensitive data belonging to client2 (HTTP session ids, authentication credentials, etc.). If the Jetty version cannot be upgraded, the vulnerability can be significantly reduced by configuring a responseHeaderSize significantly larger than the requestHeaderSize (12KB responseHeaderSize and 8KB requestHeaderSize).
1 star
CVSS 9.4
CVE-2020-11990 NOMISEC LOW STUB
Cordova (Android) - Info Disclosure
We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally.
CVSS 3.3
CVE-2020-25213 NOMISEC CRITICAL STUB
WordPress File Manager Unauthenticated Remote Code Execution
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
CVSS 10.0
CVE-2019-5413 NOMISEC CRITICAL STUB
morgan <1.9.1 - Command Injection
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.
CVSS 9.8
CVE-2019-5413 NOMISEC CRITICAL STUB
morgan <1.9.1 - Command Injection
An attacker can use the format parameter to inject arbitrary commands in the npm package morgan < 1.9.1.
CVSS 9.8
CVE-2018-1000542 NOMISEC HIGH STUB
netbeans-mmd-plugin <=1.4.3 - SSRF/Info Disclosure/RCE
netbeans-mmd-plugin version <= 1.4.3 contains an XML External Entity (XXE) vulnerability in MMD file import that can result in possible information disclosure, server-side request forgery, or remote code execution. This attack appears to be exploitable via a specially crafted MMD file.
CVSS 7.8