shoucheng3

136 exploits Active since Dec 2012
CVE-2019-10076 NOMISEC MEDIUM WRITEUP
Apache JSPWiki 2.9.0-2.11.0.M3 - Stored Cross-Site Scripting via Malicious Attachment
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking.
CVSS 6.1
CVE-2019-0225 NOMISEC HIGH WRITEUP
Apache JSPWiki 2.9.0-2.11.0.M2 - Path Traversal via Specially Crafted URL
A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details.
CVSS 7.5
CVE-2019-0222 NOMISEC HIGH WORKING POC
Apache ActiveMQ <5.15.8 - Info Disclosure
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
CVSS 7.5
CVE-2019-0207 NOMISEC HIGH
Apache Tapestry 5.4.0-5.4.4 and tapestry-core 5.4.0-5.4.5 - Path Traversal via Backslash Character
Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform.
CVSS 7.5
CVE-2019-0207 NOMISEC HIGH WORKING POC
Apache Tapestry 5.4.0-5.4.4 and tapestry-core 5.4.0-5.4.5 - Path Traversal via Backslash Character
Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform.
CVSS 7.5
CVE-2019-0194 NOMISEC HIGH
Apache Camel 2.0.0-2.19.0 and 2.21.0-2.21.4 - Path Traversal
Apache Camel's File is vulnerable to directory traversal. Camel 2.21.0 to 2.21.3, 2.22.0 to 2.22.2, 2.23.0 and the unsupported Camel 2.x (2.19 and earlier) versions may be also affected.
CVSS 7.5
CVE-2018-1000850 NOMISEC HIGH STUB
Square Retrofit <2.5.0 - Path Traversal
Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. This attack appear to be exploitable via An attacker should have access to an encoded path parameter on POST, PUT or DELETE request.. This vulnerability appears to have been fixed in 2.5.0 and later.
CVSS 7.5
CVE-2018-1000129 NOMISEC MEDIUM WORKING POC
Jolokia 1.3.7-1.4.x - Cross-Site Scripting via HTTP Servlet
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
CVSS 6.1
CVE-2018-9159 NOMISEC MEDIUM WRITEUP
sparkjava/spark < 2.7.2 - Path Traversal via File URL
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.
CVSS 5.3
CVE-2018-8041 NOMISEC MEDIUM STUB
Apache Camel's Mail <2.22.0 - Path Traversal
Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.
CVSS 5.3
CVE-2018-17297 NOMISEC HIGH WRITEUP
Hutool < 4.1.12 - Path Traversal and Arbitrary File Write via ZipUtil Unzip Function
The unzip function in ZipUtil.java in Hutool before 4.1.12 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within a ZIP archive.
CVSS 7.5
CVE-2018-1260 NOMISEC CRITICAL WRITEUP
Spring Security OAuth < 2.0.14, 2.3.0-2.3.2 - Remote Code Execution via Authorization Endpoint
Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization endpoint that can lead to remote code execution when the resource owner is forwarded to the approval endpoint.
CVSS 9.8
CVE-2018-12542 NOMISEC CRITICAL
Eclipse Vert.x <3.5.3 - Path Traversal
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems.
CVSS 9.8
CVE-2018-12542 NOMISEC CRITICAL WORKING POC
Eclipse Vert.x <3.5.3 - Path Traversal
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the StaticHandler uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\' (forward slashes) sequences that can resolve to a location that is outside of that directory when running on Windows Operating Systems.
CVSS 9.8
CVE-2018-12036 NOMISEC HIGH WRITEUP
OWASP Dependency-Check <3.2.0 - Path Traversal
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.
CVSS 7.8
CVE-2018-11762 NOMISEC MEDIUM
Apache Tika 0.9-1.18 - Path Traversal via Embedded File with Absolute Path
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.
CVSS 5.9
CVE-2018-11762 NOMISEC MEDIUM
Apache Tika 0.9-1.18 - Path Traversal via Embedded File with Absolute Path
In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.
CVSS 5.9
CVE-2018-1047 NOMISEC MEDIUM WORKING POC
JBoss WildFly Application Server 9.x - Path Traversal via ServletResourceManager
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.
CVSS 5.5
CVE-2018-9159 NOMISEC MEDIUM WRITEUP
sparkjava/spark < 2.7.2 - Path Traversal via File URL
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.
CVSS 5.3
CVE-2018-1002202 NOMISEC MEDIUM WRITEUP
zip4j < 1.3.3 - Path Traversal via Zip Archive Entry Extraction
zip4j before 1.3.3 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 6.5
CVE-2018-1002201 NOMISEC MEDIUM WRITEUP
zt-zip < 1.13 - Path Traversal via Zip Archive Entry Extraction
zt-zip before 1.13 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 5.5
CVE-2018-1002200 NOMISEC MEDIUM STUB
Plexus-archiver <3.6.0 - Path Traversal
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
CVSS 5.5
CVE-2016-5394 NOMISEC MEDIUM WRITEUP
Apache Sling XSS Protection API < 1.0.12 - Cross-Site Scripting via encodeForJSString Method
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities.
CVSS 6.1
CVE-2016-10006 NOMISEC MEDIUM WORKING POC
OWASP AntiSamy < 1.5.5 - Cross-Site Scripting via Style Attribute Bypass
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.
CVSS 6.1
CVE-2017-14735 NOMISEC MEDIUM WRITEUP
OWASP AntiSamy < 1.5.7 - Cross-Site Scripting via HTML5 Entity Encoding
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL.
CVSS 6.1