guanjivip

2 exploits Active since Dec 2015

CVE-2015-8562 NOMISEC WORKING POC

Joomla! 1.5.x-3.4.5 - Unauthenticated Remote Code Execution via HTTP User-Agent Header

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

View Code

CVE-2017-8046 NOMISEC CRITICAL WORKING POC

Spring Data REST < 2.6.9 and Spring Boot < 1.5.9 - Remote Code Execution via Malicious PATCH Request

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.

CVSS 9.8

View Code