zhzyker

12 exploits Active since Mar 2018
CVE-2020-14882 NOMISEC CRITICAL WORKING POC
Oracle WebLogic Server <14.1.1.0.0 - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
4,275 stars
CVSS 9.8
CVE-2019-17558 NOMISEC HIGH WORKING POC
Apache Solr 5.0.0-8.3.1 - Remote Code Execution via Velocity Template Injection
Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).
4,275 stars
CVSS 7.5
CVE-2021-3129 NOMISEC CRITICAL WORKING POC
Ignition < 2.5.2 - Unauthenticated Remote Code Execution via file_get_contents() and file_put_contents()
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
161 stars
CVSS 9.8
CVE-2020-10199 NOMISEC HIGH WORKING POC
Nexus Repository Manager Java EL Injection RCE
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
43 stars
CVSS 8.8
CVE-2020-5902 NOMISEC CRITICAL WORKING POC
BIG-IP 11.6.1-11.6.5.1 - Remote Code Execution via TMUI Undisclosed Pages
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
13 stars
CVSS 9.8
CVE-2020-10204 NOMISEC HIGH WORKING POC
Sonatype Nexus < 3.21.2 - Remote Code Execution
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
13 stars
CVSS 7.2
CVE-2020-11444 NOMISEC HIGH WORKING POC
Sonatype Nexus Repository Manager 3.0.0-3.21.2 - Incorrect Access Control
Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.
10 stars
CVSS 8.8
CVE-2021-3129 NOMISEC CRITICAL WORKING POC
Ignition < 2.5.2 - Unauthenticated Remote Code Execution via file_get_contents() and file_put_contents()
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
8 stars
CVSS 9.8
CVE-2018-7600 NOMISEC CRITICAL WORKING POC
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
8 stars
CVSS 9.8
CVE-2021-3129 NOMISEC CRITICAL WORKING POC
Ignition < 2.5.2 - Unauthenticated Remote Code Execution via file_get_contents() and file_put_contents()
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
6 stars
CVSS 9.8
CVE-2020-14882 NOMISEC CRITICAL WORKING POC
Oracle WebLogic Server <14.1.1.0.0 - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS 9.8
CVE-2021-4034 VULNCHECK_XDB HIGH WORKING POC
Local Privilege Escalation in polkits pkexec
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
CVSS 7.8