lp008

4 exploits Active since Dec 2019
CVE-2020-13942 NOMISEC CRITICAL WORKING POC
Apache Unomi 1.5.0-1.5.1 - Unauthenticated Remote Code Execution via /context.json Endpoint
It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint. This was partially fixed in 1.5.1 but a new attack vector was found. In Apache Unomi version 1.5.2 scripts are now completely filtered from the input. It is highly recommended to upgrade to the latest available version of the 1.5.x release to fix this problem.
6 stars
CVSS 9.8
CVE-2019-10758 NOMISEC CRITICAL WORKING POC
mongo-express < 0.54.0 - Remote Code Execution via toBSON Method
mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method. A misuse of the `vm` dependency to perform `exec` commands in a non-safe environment.
5 stars
CVSS 9.9
CVE-2021-25646 NOMISEC HIGH WORKING POC
Apache Druid < 0.20.0 - Authenticated Remote Code Execution via JavaScript Code Injection
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.
2 stars
CVSS 8.8
CVE-2019-20197 NOMISEC HIGH WORKING POC
Nagios XI 5.6.9 - Authenticated OS Command Injection via schedulereport.php id Parameter
In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary OS commands via shell metacharacters in the id parameter to schedulereport.php, in the context of the web-server user account.
1 stars
CVSS 8.8