shoucheng3

136 exploits Active since Dec 2012
CVE-2017-1000487 NOMISEC CRITICAL WRITEUP
Plexus-utils <3.0.16 - Command Injection
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
CVSS 9.8
CVE-2016-9177 NOMISEC HIGH
Spark 2.5 - Path Traversal
Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVSS 7.5
CVE-2016-9177 NOMISEC HIGH WRITEUP
Spark 2.5 - Path Traversal
Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVSS 7.5
CVE-2016-6812 NOMISEC MEDIUM STUB
Apache Cxf < 3.0.11 - XSS
The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client.
CVSS 6.1
CVE-2016-10726 NOMISEC HIGH WRITEUP
Duraspace Dspace < 3.6 - Path Traversal
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI.
CVSS 7.5
CVE-2013-7285 NOMISEC CRITICAL STUB
Xstream API <1.4.6, 1.4.10 - RCE
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.
CVSS 9.8
CVE-2011-2732 NOMISEC
Vmware Springsource Spring Security < 2.0.6 - Code Injection
CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.
CVE-2014-7816 NOMISEC STUB
WildFly Directory Traversal
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
CVE-2014-3656 NOMISEC MEDIUM STUB
Redhat Jboss Keycloak < 1.1.0.Beta1 - XSS
JBoss KeyCloak: XSS in login-status-iframe.html
CVSS 6.1
CVE-2014-3576 NOMISEC HIGH WORKING POC
Apache Activemq < 5.10.0 - Access Control
The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.
CVSS 7.5
CVE-2011-4367 NOMISEC STUB
Apache MyFaces Core <2.0.12, <2.1.6 - Path Traversal
Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/.