jweny

8 exploits Active since Feb 2021
CVE-2020-17523 NOMISEC CRITICAL WORKING POC
Apache Shiro < 1.7.1 - Authentication Bypass via Crafted HTTP Request
Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
119 stars
CVSS 9.8
CVE-2022-23131 NOMISEC CRITICAL WORKING POC
Zabbix 5.4.0-5.4.7 - Unauthenticated Authentication Bypass via SAML Session Spoofing
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
94 stars
CVSS 9.1
CVE-2022-22980 NOMISEC CRITICAL WORKING POC
Spring Data MongoDB - Code Injection
A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
10 stars
CVSS 9.8
CVE-2020-17523 GITHUB CRITICAL java WORKING POC
Apache Shiro < 1.7.1 - Authentication Bypass via Crafted HTTP Request
Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass.
5 stars
CVSS 9.8
CVE-2024-32002 NOMISEC CRITICAL NO CODE
Git <2.45.1-2.39.4 - Code Injection
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
3 stars
CVSS 9.0
CVE-2024-32002 NOMISEC CRITICAL SUSPICIOUS
Git <2.45.1-2.39.4 - Code Injection
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
3 stars
CVSS 9.0
CVE-2022-23131 NOMISEC CRITICAL WORKING POC
Zabbix 5.4.0-5.4.7 - Unauthenticated Authentication Bypass via SAML Session Spoofing
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
1 stars
CVSS 9.1
CVE-2022-23131 VULNCHECK_XDB CRITICAL WORKING POC
Zabbix 5.4.0-5.4.7 - Unauthenticated Authentication Bypass via SAML Session Spoofing
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
CVSS 9.1