tarantula-team - Security Researcher - Exploit Intelligence Platform

CVE-2019-12949 NOMISEC MEDIUM WORKING POC

pfSense 2.4.4-p2 and 2.4.4-p3 - Authenticated Remote Code Execution via XSS in diag_command.php and rrd_fetch_json.php

In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and rrd_fetch_json.php (timePeriod parameter), to a server. Then, the remote attacker can run any command with root privileges on that server.

26 stars

CVSS 6.1

View Code

CVE-2019-12541 NOMISEC MEDIUM WORKING POC

ManageEngine ServiceDesk Plus 9.3 - Stored Cross-Site Scripting via SolutionSearch.do searchText Parameter

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.

CVSS 6.1

View Code

CVE-2019-12542 NOMISEC MEDIUM WORKING POC

ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting via SearchN.do userConfigID Parameter

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.

CVSS 6.1

View Code

CVE-2019-12543 NOMISEC MEDIUM WORKING POC

Zoho ManageEngine ServiceDesk Plus 9.3 - Stored Cross-Site Scripting via PurchaseRequest.do serviceRequestId Parameter

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.

CVSS 6.1

View Code

CVE-2019-19012 NOMISEC CRITICAL WORKING POC

Oniguruma <6.9.4_rc2 - Memory Corruption

An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.

CVSS 9.8

View Code

CVE-2019-19203 NOMISEC HIGH WORKING POC

Oniguruma 6.x <6.9.4_rc2 - Memory Corruption

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.

CVSS 7.5

View Code

CVE-2019-12538 NOMISEC MEDIUM WORKING POC

Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting via SiteLookup.do Search Field

An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.

CVSS 6.1

View Code

CVE-2019-19204 NOMISEC HIGH WORKING POC

Oniguruma <6.9.4_rc2 - Buffer Overflow

An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.

CVSS 7.5

View Code