intx0x80

8 exploits Active since Oct 2017
CVE-2021-34473 NOMISEC CRITICAL SCANNER
Microsoft Exchange ProxyShell RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
47 stars
CVSS 9.1
CVE-2017-12617 GITHUB HIGH perl WORKING POC
Apache Tomcat 7.0.0-7.0.81, 8.0.0.RC1-8.0.46, 8.5.0-8.5.22, 9.0.0.M1-9.0.0 - Remote Code Execution via JSP Upload
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
1 stars
CVSS 8.1
CVE-2017-12617 GITHUB HIGH perl WORKING POC
Apache Tomcat 7.0.0-7.0.81, 8.0.0.RC1-8.0.46, 8.5.0-8.5.22, 9.0.0.M1-9.0.0 - Remote Code Execution via JSP Upload
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVSS 8.1
CVE-2017-12617 NOMISEC HIGH WORKING POC
Apache Tomcat 7.0.0-7.0.81, 8.0.0.RC1-8.0.46, 8.5.0-8.5.22, 9.0.0.M1-9.0.0 - Remote Code Execution via JSP Upload
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVSS 8.1
CVE-2017-12617 VULNCHECK_XDB HIGH WORKING POC
Apache Tomcat 7.0.0-7.0.81, 8.0.0.RC1-8.0.46, 8.5.0-8.5.22, 9.0.0.M1-9.0.0 - Remote Code Execution via JSP Upload
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVSS 8.1
CVE-2021-31207 PATCHAPALOOZA MEDIUM SCANNER
Microsoft Exchange Server - Security Feature Bypass via Unrestricted File Upload
Microsoft Exchange Server Security Feature Bypass Vulnerability
CVSS 6.6
CVE-2021-34523 PATCHAPALOOZA CRITICAL SCANNER
Microsoft Exchange Server - Privilege Escalation
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS 9.0
CVE-2017-12617 EXPLOITDB HIGH python WORKING POC
Apache Tomcat 7.0.0-7.0.81, 8.0.0.RC1-8.0.46, 8.5.0-8.5.22, 9.0.0.M1-9.0.0 - Remote Code Execution via JSP Upload
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVSS 8.1