jaychouzzk

3 exploits Active since Aug 2019
CVE-2019-5475 NOMISEC HIGH WORKING POC
Sonatype Nexus Repository Manager < 2.14.9-01 - OS Command Injection
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
7 stars
CVSS 8.8
CVE-2019-0193 NOMISEC HIGH WORKING POC
Apache Solr < 7.7.3 - Code Injection
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
1 star
CVSS 7.2
CVE-2019-1388 NOMISEC HIGH STUB
Windows Certificate Dialog - Privilege Escalation
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
CVSS 7.8