mpgn

21 exploits Active since Sep 2011
CVE-2014-3566 NOMISEC LOW WORKING POC
SSL/TLS Version Detection
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
263 stars
CVSS 3.4
CVE-2019-0192 NOMISEC CRITICAL WORKING POC
Apache Solr 5.0.0-5.5.5 and 6.0.0-6.6.5 - Remote Code Execution via JMX Config API
In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.
210 stars
CVSS 9.8
CVE-2019-5418 NOMISEC HIGH WORKING POC
Ruby On Rails File Content Disclosure (
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
201 stars
CVSS 7.5
CVE-2019-19781 NOMISEC CRITICAL WORKING POC
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
159 stars
CVSS 9.8
CVE-2019-7238 NOMISEC CRITICAL WORKING POC
Sonatype Nexus Repository Manager <3.15.0 - Privilege Escalation
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
153 stars
CVSS 9.8
CVE-2019-5418 NOMISEC HIGH WORKING POC
Ruby On Rails File Content Disclosure (
There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
133 stars
CVSS 7.5
CVE-2014-0160 NOMISEC HIGH WORKING POC
OpenSSL 1.0.1-1.0.1f - Out-of-bounds Read via Heartbeat Extension
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
84 stars
CVSS 7.5
CVE-2011-3389 NOMISEC WORKING POC
SSL - Info Disclosure
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
80 stars
CVE-2018-17246 NOMISEC CRITICAL WORKING POC
Kibana <6.4.3, 5.6.13 - Code Injection
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
66 stars
CVSS 9.8
CVE-2019-7609 NOMISEC CRITICAL WORKING POC
Kibana Timelion Prototype Pollution RCE
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
56 stars
CVSS 10.0
CVE-2019-9580 NOMISEC MEDIUM WORKING POC
StackStorm Web UI <2.9.3, <2.10.3 - CSRF
In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS.
31 stars
CVSS 6.1
CVE-2019-3799 NOMISEC MEDIUM WORKING POC
Spring Cloud Config < 1.4.6 - Path Traversal via Crafted URL
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
31 stars
CVSS 6.5
CVE-2012-4929 NOMISEC WORKING POC
Debian Linux - Information Disclosure via TLS Compression Length Oracle
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
30 stars
CVE-2018-19276 NOMISEC CRITICAL WORKING POC
OpenMRS Java Deserialization RCE
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
16 stars
CVSS 9.8
CVE-2019-9978 NOMISEC MEDIUM WORKING POC
Social Warfare and Social Warfare Pro < 3.5.3 - Stored Cross-Site Scripting via swp_debug Parameter
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
8 stars
CVSS 6.1
CVE-2018-3760 NOMISEC HIGH WORKING POC
Redhat Cloudforms < 2.12.4 - Information Disclosure
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.
8 stars
CVSS 7.5
CVE-2018-11686 NOMISEC CRITICAL WORKING POC
FlexPaper < 2.3.6 - Remote Code Execution via Publish Service
The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php.
6 stars
CVSS 9.8
CVE-2018-19276 METASPLOIT CRITICAL ruby WORKING POC
OpenMRS Java Deserialization RCE
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
CVSS 9.8
CVE-2019-5420 METASPLOIT CRITICAL ruby WORKING POC
Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
CVSS 9.8
CVE-2019-5420 EXPLOITDB CRITICAL ruby WORKING POC
Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
CVSS 9.8
CVE-2018-19276 EXPLOITDB CRITICAL ruby WORKING POC
OpenMRS Java Deserialization RCE
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
CVSS 9.8