Nomisec Exploits

22,473 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-12400 NOMISEC MEDIUM
Apache Santuario XML Security for Java <2.0.3 - Info Disclosure
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.
by dawetmaster
CVSS 5.5
CVE-2019-12400 NOMISEC MEDIUM
Apache Santuario XML Security for Java <2.0.3 - Info Disclosure
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.
by andikahilmy
CVSS 5.5
CVE-2020-24750 NOMISEC HIGH
jackson-databind 2.0.0-2.9.10.5 - Deserialization of Untrusted Data via JndiConfiguration
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
by dawetmaster
CVSS 8.1
CVE-2020-24750 NOMISEC HIGH
jackson-databind 2.0.0-2.9.10.5 - Deserialization of Untrusted Data via JndiConfiguration
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
by andikahilmy
CVSS 8.1
CVE-2020-11619 NOMISEC HIGH
jackson-databind 2.9.0-2.9.10.3 - Deserialization of Untrusted Data via spring-aop MethodLocatingFactoryBean
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
by dawetmaster
CVSS 8.1
CVE-2020-11619 NOMISEC HIGH
jackson-databind 2.9.0-2.9.10.3 - Deserialization of Untrusted Data via spring-aop MethodLocatingFactoryBean
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
by andikahilmy
CVSS 8.1
CVE-2013-2186 NOMISEC
Redhat Jboss Enterprise Brms Platform - Improper Input Validation
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
by dawetmaster
CVE-2013-2186 NOMISEC
Redhat Jboss Enterprise Brms Platform - Improper Input Validation
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance.
by andikahilmy
CVE-2018-1114 NOMISEC MEDIUM
Undertow < 1.4.25.Final - File Descriptor Leak via URLResource.getLastModified()
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
by dawetmaster
CVSS 6.5
CVE-2018-1114 NOMISEC MEDIUM
Undertow < 1.4.25.Final - File Descriptor Leak via URLResource.getLastModified()
It was found that URLResource.getLastModified() in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak.
by andikahilmy
CVSS 6.5
CVE-2020-14195 NOMISEC HIGH
jackson-databind 2.9.0-2.9.10.4 - Deserialization of Untrusted Data via org.jsecurity.realm.jndi.JndiRealmFactory
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
by dawetmaster
CVSS 8.1
CVE-2020-14195 NOMISEC HIGH
jackson-databind 2.9.0-2.9.10.4 - Deserialization of Untrusted Data via org.jsecurity.realm.jndi.JndiRealmFactory
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
by andikahilmy
CVSS 8.1
CVE-2019-14893 NOMISEC CRITICAL
FasterXML jackson-databind < 2.9.10 - Remote Code Execution via Xalan JNDI Gadget Deserialization
A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
by dawetmaster
CVSS 9.8
CVE-2019-14893 NOMISEC CRITICAL
FasterXML jackson-databind < 2.9.10 - Remote Code Execution via Xalan JNDI Gadget Deserialization
A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
by andikahilmy
CVSS 9.8
CVE-2018-14719 NOMISEC CRITICAL
FasterXML jackson-databind 2.0.0-2.6.7.2 - Remote Code Execution via BlazeDS Polymorphic Deserialization
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
by dawetmaster
CVSS 9.8
CVE-2018-14719 NOMISEC CRITICAL
FasterXML jackson-databind 2.0.0-2.6.7.2 - Remote Code Execution via BlazeDS Polymorphic Deserialization
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
by andikahilmy
CVSS 9.8
CVE-2020-7692 NOMISEC HIGH
Google OAuth Client Library for Java < 1.31.0 - Incorrect Authorization via Missing PKCE Implementation
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.
by dawetmaster
CVSS 7.4
CVE-2020-7692 NOMISEC HIGH
Google OAuth Client Library for Java < 1.31.0 - Incorrect Authorization via Missing PKCE Implementation
PKCE support is not implemented in accordance with the RFC for OAuth 2.0 for Native Apps. Without the use of PKCE, the authorization code returned by an authorization server is not enough to guarantee that the client that issued the initial authorization request is the one that will be authorized. An attacker is able to obtain the authorization code using a malicious app on the client-side and use it to gain authorization to the protected resource. This affects the package com.google.oauth-client:google-oauth-client before 1.31.0.
by andikahilmy
CVSS 7.4
CVE-2020-26217 NOMISEC HIGH
XStream < 1.4.14 - Remote Code Execution via Blocklist Bypass
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
by dawetmaster
CVSS 8.0
CVE-2020-26217 NOMISEC HIGH
XStream < 1.4.14 - Remote Code Execution via Blocklist Bypass
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
by andikahilmy
CVSS 8.0
CVE-2020-36186 NOMISEC HIGH
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
by dawetmaster
CVSS 8.1
CVE-2020-36186 NOMISEC HIGH
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
by andikahilmy
CVSS 8.1
CVE-2020-35490 NOMISEC HIGH
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
by dawetmaster
CVSS 8.1
CVE-2020-35490 NOMISEC HIGH
jackson-databind 2.0.0-2.9.10.7 - Deserialization of Untrusted Data
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
by andikahilmy
CVSS 8.1
CVE-2020-1695 NOMISEC HIGH
Resteasy 3.0.0-3.11.9 and 4.0.0-4.5.9 - HTTP Response Header Injection via Improper Input Validation
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
by dawetmaster
CVSS 7.5
By Source
All 22,473 Writeup 62,509 Exploitdb 50,076 Nomisec 22,473 Github 3,698 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 480 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,607 ruby 6,006 c 3,632 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 135 go 73 postscript 25 typescript 25