wjl110

26 exploits Active since Jan 2016
CVE-2019-1003000 GITHUB HIGH javascript
Jenkins Script Security Plugin < 1.50 - Sandbox Bypass Remote Code Execution
A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to execute arbitrary code on the Jenkins master JVM.
175 stars
CVSS 8.8
CVE-2015-7501 GITHUB CRITICAL javascript
Red Hat Data Grid - Remote Code Execution via Deserialization of Untrusted Data
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
175 stars
CVSS 9.8
CVE-2016-0856 GITHUB CRITICAL javascript
Advantech WebAccess < 8.0 - Remote Code Execution via Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.
175 stars
CVSS 9.8
CVE-2017-11610 GITHUB HIGH javascript
Supervisor XML-RPC Authenticated Remote Code Execution
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
175 stars
CVSS 8.8
CVE-2017-17408 GITHUB HIGH javascript
Bitdefender Internet Security 2018 - RCE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within cevakrnl.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-5101.
175 stars
CVSS 8.8
CVE-2018-1273 GITHUB CRITICAL javascript
Spring Data Commons < 1.13.11 - Unauthenticated Remote Code Execution via Property Binder
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
175 stars
CVSS 9.8
CVE-2018-12794 GITHUB HIGH javascript
Adobe Acrobat and Reader <2018.011.20040 - RCE
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
175 stars
CVSS 8.8
CVE-2018-15473 GITHUB MEDIUM javascript
OpenSSH < 7.7 - User Enumeration via Authentication Request Timing
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
175 stars
CVSS 5.3
CVE-2018-16044 GITHUB HIGH javascript
Adobe Acrobat and Reader DC < 15.006.30457, 15.008.20082-19.008.20081 - Security Bypass
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
175 stars
CVSS 8.8
CVE-2018-2893 GITHUB CRITICAL javascript
Oracle WebLogic Server <12.2.1.3 - RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
175 stars
CVSS 9.8
CVE-2018-4338 GITHUB MEDIUM javascript
macOS < 10.14 - Improper Input Validation
A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.
175 stars
CVSS 5.5
CVE-2018-8581 GITHUB HIGH javascript
Microsoft Exchange Server - Privilege Escalation
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
175 stars
CVSS 7.4
CVE-2018-8400 GITHUB HIGH javascript
Windows 10 and Windows Server 2016 - Elevation of Privilege via DirectX Graphics Kernel Memory Handling
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8401, CVE-2018-8405, CVE-2018-8406.
175 stars
CVSS 7.8
CVE-2018-8401 GITHUB HIGH javascript
Windows 10 and Windows Server 2016 - Elevation of Privilege via DirectX Graphics Kernel Memory Handling
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8405, CVE-2018-8406.
175 stars
CVSS 7.8
CVE-2018-8405 GITHUB HIGH javascript
Windows - Elevation of Privilege via DirectX Graphics Kernel Memory Handling
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406.
175 stars
CVSS 7.8
CVE-2018-8406 GITHUB HIGH javascript
Windows 10 and Windows Server - Elevation of Privilege via DirectX Graphics Kernel Memory Handling
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405.
175 stars
CVSS 7.8
CVE-2019-17147 GITHUB HIGH javascript
TP-LINK TL-WR841N Firmware - Unauthenticated Remote Code Execution via Host Header Buffer Overflow
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8457.
175 stars
CVSS 8.8
CVE-2019-3396 GITHUB CRITICAL javascript
Atlassian Confluence Widget Connector Macro Velocity Template Injection
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
175 stars
CVSS 9.8
CVE-2020-0558 GITHUB MEDIUM javascript
Intel PROSet/Wireless WiFi < 21.70.0.6 - Denial of Service via Kernel Mode Driver Buffer Overflow
Improper buffer restrictions in kernel mode driver for Intel(R) PROSet/Wireless WiFi products before version 21.70 on Windows 10 may allow an unprivileged user to potentially enable denial of service via adjacent access.
175 stars
CVSS 6.5
CVE-2020-0932 GITHUB HIGH javascript
Microsoft SharePoint - Remote Code Execution via Unchecked Application Package Markup
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974.
175 stars
CVSS 8.8
CVE-2020-12027 GITHUB MEDIUM javascript
FactoryTalk View SE - Exposure of Sensitive Information via Hostname and File Path Disclosure
All versions of FactoryTalk View SE disclose the hostnames and file paths for certain files within the system. A remote, authenticated attacker may be able to leverage this information for reconnaissance efforts. Rockwell Automation recommends enabling built in security features found within FactoryTalk View SE. Users should follow guidance found in knowledge base articles 109056 and 1126943 to set up IPSec and/or HTTPs.
175 stars
CVSS 4.3
CVE-2020-16939 GITHUB HIGH javascript
Windows Group Policy - Elevation of Privilege via Improper Access Check
<p>An elevation of privilege vulnerability exists when Group Policy improperly checks access. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.</p> <p>The security update addresses the vulnerability by correcting how Group Policy checks access.</p>
175 stars
CVSS 7.8
CVE-2020-7460 GITHUB HIGH javascript
FreeBSD Race Condition in sendmsg System Call
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a mailcious userspace program to modify control message headers after they were validation.
175 stars
CVSS 7.0
CVE-2021-26900 GITHUB HIGH javascript
Windows 10 and Windows Server 2016 - Use-After-Free in Win32k
Windows Win32k Elevation of Privilege Vulnerability
175 stars
CVSS 7.8
CVE-2021-4034 GITHUB HIGH javascript
Local Privilege Escalation in polkits pkexec
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
175 stars
CVSS 7.8