Nomisec Exploits
21,202 exploits tracked across all sources.
Netapp Cloud Backup < 21.1.2 - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
by andikahilmy
CVSS 8.1
Plexus-utils <3.0.16 - Command Injection
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
by dawetmaster
CVSS 9.8
Plexus-utils <3.0.16 - Command Injection
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
by andikahilmy
CVSS 9.8
Fasterxml Jackson-databind < 2.9.10.5 - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
by dawetmaster
CVSS 8.1
Fasterxml Jackson-databind < 2.9.10.5 - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
by andikahilmy
CVSS 8.1
OrientDB Server Community Edition <2.0.15 and 2.1.x <2.1.1 - Information Disclosure
server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.
by dawetmaster
CVSS 5.9
OrientDB Server Community Edition <2.0.15 and 2.1.x <2.1.1 - Information Disclosure
server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.
by andikahilmy
CVSS 5.9
FasterXML Jackson <2.9.10.4 - RCE
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
by dawetmaster
CVSS 8.8
FasterXML Jackson <2.9.10.4 - RCE
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
by andikahilmy
CVSS 8.8
CVE-2013-5960
NOMISEC
Owasp Enterprise Security API < 2.1.0.1 - Cryptographic Issue
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679.
by dawetmaster
CVE-2013-5960
NOMISEC
Owasp Enterprise Security API < 2.1.0.1 - Cryptographic Issue
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serialized ciphertext, which makes it easier for remote attackers to bypass intended cryptographic protection mechanisms via an attack against the intended cipher mode in a non-default configuration, a different vulnerability than CVE-2013-5679.
by andikahilmy
Netapp Snapcenter < 2.7.9.7 - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
by dawetmaster
CVSS 9.8
Netapp Snapcenter < 2.7.9.7 - Insecure Deserialization
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
by andikahilmy
CVSS 9.8
Undertow <2.0.0.Alpha2,<1.4.17.Final,<1.3.31.Final - SSRF
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
by dawetmaster
CVSS 6.1
Undertow <2.0.0.Alpha2,<1.4.17.Final,<1.3.31.Final - SSRF
In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own.
by andikahilmy
CVSS 6.1
Apache Cxf Fediz < 1.2.3 - Improper Access Control
The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.
by dawetmaster
CVSS 9.8
Apache Cxf Fediz < 1.2.3 - Improper Access Control
The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.
by andikahilmy
CVSS 9.8
Compress - Memory Corruption
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
by dawetmaster
CVSS 7.5
Compress - Memory Corruption
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
by andikahilmy
CVSS 7.5
FasterXML jackson-databind <2.9.10.6 - RCE
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
by dawetmaster
CVSS 8.1
FasterXML jackson-databind <2.9.10.6 - RCE
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
by andikahilmy
CVSS 8.1
Fasterxml Jackson-databind < 2.8.11.5 - Insecure Deserialization
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
by dawetmaster
CVSS 9.8
Fasterxml Jackson-databind < 2.8.11.5 - Insecure Deserialization
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
by andikahilmy
CVSS 9.8
Plexus-archiver <3.6.0 - Path Traversal
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
by dawetmaster
CVSS 5.5
Plexus-archiver <3.6.0 - Path Traversal
plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.
by andikahilmy
CVSS 5.5
By Source