shoucheng3

136 exploits Active since Dec 2012
CVE-2020-8570 NOMISEC CRITICAL
Kubernetes Java Client <10.0.0 - Path Traversal
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.
CVSS 9.1
CVE-2020-5410 NOMISEC HIGH WRITEUP
Spring Cloud Config <2.2.3 & <2.1.9 - Path Traversal
Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
CVSS 7.5
CVE-2020-5405 NOMISEC MEDIUM WRITEUP
Spring Cloud Config <2.2.2 & <2.1.7 - Path Traversal
Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
CVSS 6.5
CVE-2020-35460 NOMISEC MEDIUM WORKING POC
Mpxj < 8.3.5 - Path Traversal
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
CVSS 5.3
CVE-2020-13973 NOMISEC MEDIUM WORKING POC
Owasp Json-sanitizer < 1.2.1 - XSS
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript.
CVSS 6.1
CVE-2020-27219 NOMISEC MEDIUM WRITEUP
Eclipse Hawkbit <0.3.0M7 - Info Disclosure
In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute. Sending a POST request to a non existing resource will return the full path from the given URL unescaped to the client.
CVSS 6.1
CVE-2020-26217 NOMISEC HIGH WORKING POC
Xstream < 1.4.14 - OS Command Injection
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
CVSS 8.0
CVE-2020-2261 NOMISEC HIGH WORKING POC
Jenkins Perfecto Plugin <1.17 - Command Injection
Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jenkins controller, allowing attackers with Job/Configure permission to run arbitrary commands on the Jenkins controller
CVSS 8.8
CVE-2020-17530 NOMISEC CRITICAL
Apache Struts 2 Forced Multi OGNL Evaluation
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
CVSS 9.8
CVE-2020-17519 NOMISEC HIGH WRITEUP
Apache Flink JobManager Traversal
A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.
CVSS 7.5
CVE-2020-11998 NOMISEC CRITICAL WORKING POC
Java - RCE
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13
CVSS 9.8
CVE-2019-17640 NOMISEC CRITICAL WRITEUP
Eclipse Vert.x < 3.9.4 - Path Traversal
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory.
CVSS 9.8
CVE-2019-17640 NOMISEC CRITICAL
Eclipse Vert.x < 3.9.4 - Path Traversal
In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone2, 4.0.0.milestone3, 4.0.0.milestone4, 4.0.0.milestone5, 4.0.0.Beta1, 4.0.0.Beta2, and 4.0.0.Beta3, StaticHandler doesn't correctly processes back slashes on Windows Operating systems, allowing, escape the webroot folder to the current working directory.
CVSS 9.8
CVE-2019-17573 NOMISEC MEDIUM STUB
Apache Cxf < 3.2.12 - XSS
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.
CVSS 6.1
CVE-2019-17572 NOMISEC MEDIUM WORKING POC
Apache Rocketmq < 4.6.0 - Path Traversal
In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later.
CVSS 5.3
CVE-2019-10392 NOMISEC HIGH WRITEUP
Jenkins Git Client < 2.8.4 - OS Command Injection
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
CVSS 8.8
CVE-2019-10219 NOMISEC MEDIUM WRITEUP
Hibernate-Validator - XSS
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CVSS 6.1
CVE-2019-10219 NOMISEC MEDIUM WRITEUP
Hibernate-Validator - XSS
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CVSS 6.1
CVE-2019-10089 NOMISEC MEDIUM
Apache JSPWiki <2.11.0.M4 - XSS
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
CVSS 6.1
CVE-2019-10089 NOMISEC MEDIUM WRITEUP
Apache JSPWiki <2.11.0.M4 - XSS
On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
CVSS 6.1
CVE-2019-10078 NOMISEC MEDIUM WRITEUP
Apache JSPWiki <2.11.0.M3 - XSS
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
CVSS 6.1
CVE-2019-10078 NOMISEC MEDIUM WRITEUP
Apache JSPWiki <2.11.0.M3 - XSS
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking. Initial reporting indicated ReferredPagesPlugin, but further analysis showed that multiple plugins were vulnerable.
CVSS 6.1
CVE-2019-10077 NOMISEC MEDIUM WRITEUP
Apache JSPWiki <2.11.0.M3 - XSS
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
CVSS 6.1
CVE-2019-10077 NOMISEC MEDIUM STUB
Apache JSPWiki <2.11.0.M3 - XSS
A carefully crafted InterWiki link could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
CVSS 6.1
CVE-2019-10076 NOMISEC MEDIUM
Apache JSPWiki <2.11.0.M3 - XSS
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
CVSS 6.1