pwntester

5 exploits Active since Oct 2011
CVE-2011-2894 NOMISEC WORKING POC
Vmware Spring Framework < 3.0.5 - Insecure Deserialization
Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.
44 stars
CVE-2014-0094 EXPLOITDB ruby WORKING POC
Apache Struts <2.3.16.2 - RCE
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
CVE-2014-0112 EXPLOITDB ruby WORKING POC
Apache Struts <2.3.20 - RCE
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
CVE-2014-9515 WRITEUP CRITICAL WORKING POC
Dozer - RCE
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.
CVSS 9.8
CVE-2014-0113 EXPLOITDB ruby WORKING POC
Apache Struts <2.3.20 - RCE
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.