r00t4dm

7 exploits Active since Nov 2015
CVE-2020-27955 NOMISEC CRITICAL WRITEUP
Git Remote Code Execution via git-lfs (CVE-2020-27955)
Git LFS 2.12.0 allows Remote Code Execution.
17 stars
CVSS 9.8
CVE-2019-17570 NOMISEC CRITICAL WORKING POC
Apache XML-RPC - Remote Code Execution via Untrusted Deserialization in XmlRpcResponseParser
An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed.
4 stars
CVSS 9.8
CVE-2017-1000353 NOMISEC CRITICAL SUSPICIOUS
Jenkins < 2.56 and < 2.46.1 - Unauthenticated Remote Code Execution via Java Deserialization
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.
3 stars
CVSS 9.8
CVE-2018-14667 NOMISEC CRITICAL WORKING POC
RichFaces Framework 3.X-3.3.4 - Code Injection
The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects via org.ajax4jsf.resource.UserResource$UriData.
1 stars
CVSS 9.8
CVE-2019-17564 NOMISEC CRITICAL STUB
Apache Dubbo 2.5.0-2.5.9, 2.6.0-2.6.7, 2.7.0-2.7.4 - Remote Code Execution via Unsafe Java Deserialization
Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.
CVSS 9.8
CVE-2015-8103 NOMISEC CRITICAL STUB
Jenkins CLI RMI Java Deserialization Vulnerability
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
CVSS 9.8
CVE-2016-9299 NOMISEC CRITICAL SUSPICIOUS
Jenkins < 2.32 and LTS < 2.19.3 - Remote Code Execution via LDAP Query Injection
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.
CVSS 9.8