mbadanoiu

62 exploits Active since Dec 2014
CVE-2019-9849 NOMISEC MEDIUM WRITEUP
LibreOffice <6.2.5 - Info Disclosure
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
CVSS 4.3
CVE-2019-1332 NOMISEC MEDIUM SUSPICIOUS
Microsoft SQL Server Reporting Services - XSS
A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'.
CVSS 6.1
CVE-2019-12401 NOMISEC HIGH SUSPICIOUS
Apache Solr 1.3.0-1.4.1, 3.1.0-3.6.2, 4.0.0-4.10.4 - XML Entity Expansion via Update Handler
Solr versions 1.3.0 to 1.4.1, 3.1.0 to 3.6.2 and 4.0.0 to 4.10.4 are vulnerable to an XML resource consumption attack (a.k.a. Lol Bomb) via it’s update handler.?By leveraging XML DOCTYPE and ENTITY type elements, the attacker can create a pattern that will expand when the server parses the XML causing OOMs.
CVSS 7.5
CVE-2019-11287 NOMISEC HIGH SUSPICIOUS
RabbitMQ 3.7.0-3.7.20 and 3.8.0 - Denial of Service via X-Reason HTTP Header Format String
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.
CVSS 7.5
CVE-2019-10092 NOMISEC MEDIUM SUSPICIOUS
Apache HTTP Server 2.4.0-2.4.39 - Cross-Site Scripting in mod_proxy Error Page
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
CVSS 6.1
CVE-2019-6111 NOMISEC MEDIUM WRITEUP
OpenSSH < 7.9 - Arbitrary File Write via Malicious SCP Server
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
CVSS 5.9
CVE-2019-14678 NOMISEC CRITICAL SUSPICIOUS
SAS XML Mapper 9.45 - XML External Entity Injection
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used.
CVSS 10.0
CVE-2019-14224 NOMISEC HIGH WRITEUP
Alfresco Community Edition 5.2 - RCE
An issue was discovered in Alfresco Community Edition 5.2 201707. By leveraging multiple components in the Alfresco Software applications, an exploit chain was observed that allows an attacker to achieve remote code execution on the victim machine. The attacker must upload malicious Solr configuration files and then receive a JMX connection from the victim, and serve a Java object that results in deserialization and code execution.
CVSS 7.2
CVE-2019-14223 NOMISEC MEDIUM SUSPICIOUS
Alfresco Community Edition <5.2.6, 6.0.N, 6.1.N - Open Redirect
An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.).
CVSS 6.1
CVE-2019-12409 NOMISEC CRITICAL WRITEUP
Apache Solr 8.1.1-8.2.0 - Unauthenticated Remote Code Execution via Insecure JMX Configuration
The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure setting for the ENABLE_REMOTE_JMX_OPTS configuration option in the default solr.in.sh configuration file shipping with Solr. If you use the default solr.in.sh file from the affected releases, then JMX monitoring will be enabled and exposed on RMI_PORT (default=18983), without any authentication. If this port is opened for inbound traffic in your firewall, then anyone with network access to your Solr nodes will be able to access JMX, which may in turn allow them to upload malicious code for execution on the Solr server.
CVSS 9.8
CVE-2019-14222 NOMISEC CRITICAL WRITEUP
Alfresco Community Edition <=6.0 - Auth Bypass
An issue was discovered in Alfresco Community Edition versions 6.0 and lower. An unauthenticated, remote attacker could authenticate to Alfresco's Solr Web Admin Interface. The vulnerability is due to the presence of a default private key that is present in all default installations. An attacker could exploit this vulnerability by using the extracted private key and bundling it into a PKCS12. A successful exploit could allow the attacker to gain information about the target system (e.g., OS type, system file locations, Java version, Solr version, etc.) as well as the ability to launch further attacks by leveraging the access to Alfresco's Solr Web Admin Interface.
CVSS 9.8
CVE-2014-5284 NOMISEC WORKING POC
OSSEC < 2.8.0 - Privilege Escalation via Predictable Temporary File Handling
host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.