Nomisec Exploits

21,202 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-15717 NOMISEC MEDIUM
Apache Sling Xss Protection API < 1.0.18 - XSS
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0.
by dawetmaster
CVSS 6.1
CVE-2017-15717 NOMISEC MEDIUM
Apache Sling Xss Protection API < 1.0.18 - XSS
A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. The affected versions are Apache Sling XSS Protection API 1.0.4 to 1.0.18, Apache Sling XSS Protection API Compat 1.1.0 and Apache Sling XSS Protection API 2.0.0.
by andikahilmy
CVSS 6.1
CVE-2020-13959 NOMISEC MEDIUM
Apache Velocity Tools < 3.1 - XSS
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks.
by dawetmaster
CVSS 6.1
CVE-2020-13959 NOMISEC MEDIUM
Apache Velocity Tools < 3.1 - XSS
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks.
by andikahilmy
CVSS 6.1
CVE-2020-36179 NOMISEC HIGH
Oracle JD Edwards Enterpriseone Tools - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
by dawetmaster
CVSS 8.1
CVE-2020-36179 NOMISEC HIGH
Oracle JD Edwards Enterpriseone Tools - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
by andikahilmy
CVSS 8.1
CVE-2018-19361 NOMISEC CRITICAL
FasterXML jackson-databind <2.9.8 - Deserialization
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
by dawetmaster
CVSS 9.8
CVE-2018-19361 NOMISEC CRITICAL
FasterXML jackson-databind <2.9.8 - Deserialization
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
by andikahilmy
CVSS 9.8
CVE-2017-2666 NOMISEC MEDIUM
Redhat Undertow < 1.3.31 - HTTP Request Smuggling
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
by dawetmaster
CVSS 6.5
CVE-2017-2666 NOMISEC MEDIUM
Redhat Undertow < 1.3.31 - HTTP Request Smuggling
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
by andikahilmy
CVSS 6.5
CVE-2019-12402 NOMISEC HIGH
Apache Commons Compress <1.19 - DoS
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
by dawetmaster
CVSS 7.5
CVE-2019-12402 NOMISEC HIGH
Apache Commons Compress <1.19 - DoS
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
by andikahilmy
CVSS 7.5
CVE-2013-5679 NOMISEC
Owasp Enterprise Security API < 2.1.0 - Cryptographic Issue
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length.
by dawetmaster
CVE-2013-5679 NOMISEC
Owasp Enterprise Security API < 2.1.0 - Cryptographic Issue
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against authenticity in the default configuration, involving a null MAC and a zero MAC length.
by andikahilmy
CVE-2016-9589 NOMISEC HIGH
Redhat Jboss Wildfly Application Server < 10.1.0 - Denial of Service
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.
by dawetmaster
CVSS 7.5
CVE-2016-9589 NOMISEC HIGH
Redhat Jboss Wildfly Application Server < 10.1.0 - Denial of Service
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to "max-headers" (default 200) * "max-header-size" (default 1MB) per active TCP connection.
by andikahilmy
CVSS 7.5
CVE-2019-16335 NOMISEC CRITICAL
FasterXML jackson-databind <2.9.10 - Info Disclosure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
by dawetmaster
CVSS 9.8
CVE-2019-16335 NOMISEC CRITICAL
FasterXML jackson-databind <2.9.10 - Info Disclosure
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
by andikahilmy
CVSS 9.8
CVE-2021-31684 NOMISEC HIGH
Json-smart-v1 < 1.3.3 - Out-of-Bounds Write
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
by dawetmaster
CVSS 7.5
CVE-2021-31684 NOMISEC HIGH
Json-smart-v1 < 1.3.3 - Out-of-Bounds Write
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
by andikahilmy
CVSS 7.5
CVE-2016-9606 NOMISEC HIGH
Redhat Resteasy < 3.1.1 - Improper Input Validation
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
by dawetmaster
CVSS 8.1
CVE-2016-9606 NOMISEC HIGH
Redhat Resteasy < 3.1.1 - Improper Input Validation
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
by andikahilmy
CVSS 8.1
CVE-2020-26259 NOMISEC MEDIUM
XStream <1.4.15 - File Deletion
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist running Java 15 or higher. No user is affected, who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.
by dawetmaster
CVSS 6.8
CVE-2020-26259 NOMISEC MEDIUM
XStream <1.4.15 - File Deletion
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.15, is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling. The vulnerability may allow a remote attacker to delete arbitrary know files on the host as log as the executing process has sufficient rights only by manipulating the processed input stream. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.15. The reported vulnerability does not exist running Java 15 or higher. No user is affected, who followed the recommendation to setup XStream's Security Framework with a whitelist! Anyone relying on XStream's default blacklist can immediately switch to a whilelist for the allowed types to avoid the vulnerability. Users of XStream 1.4.14 or below who still want to use XStream default blacklist can use a workaround described in more detailed in the referenced advisories.
by andikahilmy
CVSS 6.8
CVE-2020-36180 NOMISEC HIGH
Netapp Cloud Backup < 21.1.2 - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
by dawetmaster
CVSS 8.1
By Source
All 21,202 Exploitdb 50,121 Writeup 46,830 Nomisec 21,202 Metasploit 3,189 Github 2,258 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,742 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 69 go 41 postscript 25 xml 24