nth347

10 exploits Active since Jul 2013
CVE-2021-3129 NOMISEC CRITICAL WORKING POC
Ignition < 2.5.2 - Unauthenticated Remote Code Execution via file_get_contents() and file_put_contents()
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
68 stars
CVSS 9.8
CVE-2020-28032 NOMISEC CRITICAL WORKING POC
WordPress < 5.5.2 - Deserialization of Untrusted Data in FilteredIterator
WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php.
4 stars
CVSS 9.8
CVE-2018-20148 NOMISEC CRITICAL WORKING POC
WordPress <4.9.9, 5.x <5.0.1 - Code Injection
In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php.
4 stars
CVSS 9.8
CVE-2019-9081 NOMISEC WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
1 stars
CVE-2018-3810 NOMISEC CRITICAL WORKING POC
Smart Google Code Inserter < 3.5 - Unauthenticated Arbitrary Code Insertion via sgcgoogleanalytic Parameter
Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code.
1 stars
CVSS 9.8
CVE-2018-12636 NOMISEC HIGH WORKING POC
iThemes Security <7.0.3 - SQL Injection
The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page.
1 stars
CVSS 7.2
CVE-2021-31805 NOMISEC CRITICAL STUB
Apache Struts 2.0.0-2.5.29 - Remote Code Execution via Forced OGNL Evaluation
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag’s attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %{...} syntax. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.
CVSS 9.8
CVE-2020-17530 NOMISEC CRITICAL WORKING POC
Apache Struts 2 Forced Multi OGNL Evaluation
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
CVSS 9.8
CVE-2013-2251 NOMISEC CRITICAL WORKING POC
Apache Archiva 1.3-1.3.8 - Remote Code Execution via OGNL Expression Injection
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
CVSS 9.8
CVE-2019-9081 VULNCHECK_XDB WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none