motikan2010

12 exploits Active since Jun 2013
CVE-2020-5398 NOMISEC HIGH WORKING POC
Spring Framework 5.0.0-5.0.15, 5.1.0-5.1.12, 5.2.0-5.2.2 - Reflected File Download via Content-Disposition Header
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
87 stars
CVSS 7.5
CVE-2021-29447 NOMISEC HIGH WORKING POC
WordPress 5.6.0-5.7.0 - Authenticated XML External Entity Injection via Media Library File Upload
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
43 stars
CVSS 7.1
CVE-2023-6063 NOMISEC HIGH WORKING POC
WordPress WP Fastest Cache Unauthenticated SQLi (CVE-2023-6063)
The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.
29 stars
CVSS 7.5
CVE-2023-23924 NOMISEC CRITICAL WORKING POC
dompdf < 2.0.2 - Arbitrary Object Unserialize via SVG Image Tag Bypass
Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, that will lead to the very least to an arbitrary file deletion and even remote code execution, depending on classes that are available.
9 stars
CVSS 10.0
CVE-2019-10092 NOMISEC MEDIUM WORKING POC
Apache HTTP Server 2.4.0-2.4.39 - Cross-Site Scripting in mod_proxy Error Page
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.
5 stars
CVSS 6.1
CVE-2017-8809 NOMISEC CRITICAL WORKING POC
MediaWiki < 1.27.4, 1.28.x < 1.28.3, 1.29.x < 1.29.2 - Reflected File Download via api.php
api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.
5 stars
CVSS 9.8
CVE-2023-6553 NOMISEC CRITICAL WORKING POC
WordPress Backup Migration Plugin PHP Filter Chain RCE
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.
4 stars
CVSS 9.8
CVE-2021-29447 NOMISEC HIGH STUB
WordPress 5.6.0-5.7.0 - Authenticated XML External Entity Injection via Media Library File Upload
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
4 stars
CVSS 7.1
CVE-2020-5236 NOMISEC MEDIUM WORKING POC
Waitress 1.4.2 - Denial of Service via Invalid Header Character Processing
Waitress version 1.4.2 allows a DOS attack When waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and blocking any other interactions. This allows an attacker to send a single request with an invalid header and take the service offline. This issue was introduced in version 1.4.2 when the regular expression was updated to attempt to match the behaviour required by errata associated with RFC7230. The regular expression that is used to validate incoming headers has been updated in version 1.4.3, it is recommended that people upgrade to the new version of Waitress as soon as possible.
4 stars
CVSS 5.7
CVE-2020-27223 NOMISEC MEDIUM WORKING POC
Eclipse Jetty 9.4.6-9.4.36, 10.0.0, 11.0.0 - Denial of Service via Multiple Accept Headers with Quality Parameters
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.
3 stars
CVSS 5.2
CVE-2021-34646 NOMISEC CRITICAL WORKING POC
Booster for WooCommerce <= 5.4.3 - Authentication Bypass via Email Verification Token Weakness
Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. This allows attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Email Verification module to be active in the plugin and the Login User After Successful Verification setting to be enabled, which it is by default.
2 stars
CVSS 9.8
CVE-2013-3651 NOMISEC WORKING POC
LOCKON EC-CUBE 2.11.2-2.12.4 - Remote PHP Code Injection via Crafted String
LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php.
2 stars