nanaao

12 exploits Active since Apr 2021
CVE-2022-0847 NOMISEC HIGH WORKING POC
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
3 stars
CVSS 7.8
CVE-2022-0529 NOMISEC MEDIUM WORKING POC
Unzip - Heap-Based Buffer Overflow via Crafted Zip File
A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.
2 stars
CVSS 5.5
CVE-2022-23884 NOMISEC CRITICAL WORKING POC
Mojang Bedrock Dedicated Server <1.18.2 - Code Injection
Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check bypass caused by PurchaseReceiptPacket::_read (packet deserializer).
1 stars
CVSS 9.8
CVE-2022-21241 NOMISEC CRITICAL WORKING POC
CSV+ < 0.8.1 - Unauthenticated Cross-Site Scripting via Crafted CSV File with HTML a Tag
Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains HTML a tag.
CVSS 9.6
CVE-2022-33891 NOMISEC HIGH WORKING POC
Apache Spark UI - Privilege Escalation
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
CVSS 8.8
CVE-2022-30929 NOMISEC HIGH WRITEUP
Mini-Tmall v1.0 - Privilege Escalation
Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper.
CVSS 8.8
CVE-2022-24086 NOMISEC CRITICAL WRITEUP
Adobe Commerce <2.4.3-p1, <2.3.7-p2 - RCE
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
CVSS 9.8
CVE-2022-0847 NOMISEC HIGH WORKING POC
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
CVSS 7.8
CVE-2022-22947 NOMISEC CRITICAL WORKING POC
Spring Cloud Gateway Remote Code Execution
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
CVSS 10.0
CVE-2022-24934 NOMISEC CRITICAL WRITEUP
Kingsoft WPS Office < 11.2.0.10382 - Remote Code Execution via Registry Modification
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.
CVSS 9.8
CVE-2022-30190 NOMISEC HIGH WRITEUP
Microsoft Office Word MSDTJS
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. Please see the MSRC Blog Entry for important information about steps you can take to protect your system from this vulnerability.
CVSS 7.8
CVE-2021-29442 NOMISEC HIGH WORKING POC
Nacos < 1.4.1 - Unauthenticated Database Manipulation via Derby Endpoint
Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint is not protected and can be openly accessed by unauthenticated users. These endpoints are only valid when using embedded storage (derby DB) so this issue should not affect those installations using external storage (e.g. mysql)
CVSS 8.6