josh

6 exploits Active since Dec 2002
CVE-2022-42889 NOMISEC CRITICAL WORKING POC
Apache Commons Text 1.5-1.9 - Remote Code Execution via String Interpolation
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
CVSS 9.8
CVE-2009-3287 WRITEUP WRITEUP
Thin < 1.2.4 - IP Address Spoofing via X-Forwarded-For Header
lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header.
CVE-2025-66022 WRITEUP CRITICAL WRITEUP
OWASP Faction < 1.7.1 - Unauthenticated Remote Code Execution via Malicious Extension Upload
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote code execution (RCE) on the host running Faction. Due to a missing authentication check on the /portal/AppStoreDashboard endpoint, an attacker can access the extension management UI and upload a malicious extension without any authentication, making this vulnerability exploitable by unauthenticated users. This issue has been patched in version 1.7.1.
CVSS 9.6
CVE-2025-27422 WRITEUP HIGH WRITEUP
faction < 1.4.3 - Unauthenticated Privilege Escalation via User Registration
FACTION is a PenTesting Report Generation and Collaboration Framework. Authentication is bypassed when an attacker registers a new user with admin privileges. This is possible at any time without any authorization. The request must follow the validation rules (no missing information, secure password, etc) but there are no other controls stopping them. This vulnerability is fixed in 1.4.3.
CVSS 7.5
CVE-2002-2306 EXPLOITDB c WORKING POC
KaZaA Media Desktop 1.7.1 - Denial of Service via Large Messages
Sharman Networks KaZaA Media Desktop 1.7.1 allows remote attackers to cause a denial of service (CPU consumption) by sending several large messages.
EIP-2026-102998 EXPLOITDB c WORKING POC
Slackware 7.0/7.1/8.0 - Manual Page Cache File Creation