Nomisec Exploits
22,472 exploits tracked across all sources.
CVE-2014-0050
NOMISEC
Apache Commons FileUpload <1.3.1 - DoS
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
by andikahilmy
Eclipse Vert.x <3.5.3 - Memory Corruption
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.
by dawetmaster
CVSS 6.5
Eclipse Vert.x <3.5.3 - Memory Corruption
In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit (8192 bytes) above which the WebSocket gets an HTTP response with the 413 status code and the connection gets closed.
by andikahilmy
CVSS 6.5
Eclipse Vert.x 3.5.Beta1-3.5.3 - XML External Entity Injection via OpenAPI XML Type Validator
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
by dawetmaster
CVSS 9.8
Eclipse Vert.x 3.5.Beta1-3.5.3 - XML External Entity Injection via OpenAPI XML Type Validator
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema.
by andikahilmy
CVSS 9.8
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via SharedPoolDataSource
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
by dawetmaster
CVSS 8.1
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via SharedPoolDataSource
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
by andikahilmy
CVSS 8.1
OWASP Enterprise Security API < 2.3.0.0 - Path Traversal via Validator.getValidDirectoryPath
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface. However, maintainers do not recommend this.
by dawetmaster
CVSS 7.5
OWASP Enterprise Security API < 2.3.0.0 - Path Traversal via Validator.getValidDirectoryPath
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface. However, maintainers do not recommend this.
by andikahilmy
CVSS 7.5
Hibernate Validator < 6.0.18 - Cross-Site Scripting via SafeHtml Validator Annotation
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
by dawetmaster
CVSS 6.1
Hibernate Validator < 6.0.18 - Cross-Site Scripting via SafeHtml Validator Annotation
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
by andikahilmy
CVSS 6.1
CVE-2013-4517
NOMISEC
Apache Santuario XML Security for Java <1.5.6 - DoS
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
by dawetmaster
CVE-2013-4517
NOMISEC
Apache Santuario XML Security for Java <1.5.6 - DoS
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
by andikahilmy
Eclipse Vert.x <3.5.1 - Code Injection
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.
by dawetmaster
CVSS 5.3
Eclipse Vert.x <3.5.1 - Code Injection
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.
by andikahilmy
CVSS 5.3
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via SharedPoolDataSource
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
by dawetmaster
CVSS 8.1
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data via SharedPoolDataSource
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
by andikahilmy
CVSS 8.1
SnakeYAML < 1.26 - XML Entity Expansion via Alias Feature
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
by dawetmaster
CVSS 7.5
SnakeYAML < 1.26 - XML Entity Expansion via Alias Feature
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
by andikahilmy
CVSS 7.5
Apache Directory LDAP API < 1.0.2 - Exposure of Sensitive Information via TLS Handshake Bypass
In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request).
by dawetmaster
CVSS 9.8
Apache Directory LDAP API < 1.0.2 - Exposure of Sensitive Information via TLS Handshake Bypass
In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request).
by andikahilmy
CVSS 9.8
jackson-databind < 2.13.0 - Denial of Service via Nested Object Depth
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
by dawetmaster
CVSS 7.5
jackson-databind < 2.13.0 - Denial of Service via Nested Object Depth
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
by andikahilmy
CVSS 7.5
jackson-databind 2.0.0-2.7.9.7 - Deserialization of Untrusted Data via anteros-core Gadget
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
by dawetmaster
CVSS 9.8
jackson-databind 2.0.0-2.7.9.7 - Deserialization of Untrusted Data via anteros-core Gadget
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
by andikahilmy
CVSS 9.8
By Source