Showing 1 - 3 of 3

Files from David Yesland

First Active	2019-03-13
Last Active	2019-08-02

Apache Tika 1.17 Header Command Injection: Posted Aug 2, 2019; Authored by h00die, David Yesland, Tim Allison | Site metasploit.com; This Metasploit module exploits a command injection vulnerability in Apache Tika versions 1.15 through 1.17 on Windows. A file with the image/jp2 content-type is used to bypass magic byte checking. When OCR is specified in the request, parameters can be passed to change the parameters passed at command line to allow for arbitrary JScript to execute. A JScript stub is passed to execute arbitrary code. This module was verified against version 1.15 through 1.17 on Windows 2012. While the CVE and finding show more versions vulnerable, during testing it was determined only versions greater than 1.14 were exploitable due to jp2 support being added.; tags | exploit, arbitrary; systems | windows; advisories | CVE-2018-1335; SHA-256 | 1d10dcd077954ec22984a947fb2e56ca4e13c135682dadd44362021acac47063; Download | Favorite | View

Apache Axis 1.4 Remote Code Execution: Posted Apr 10, 2019; Authored by David Yesland; Apache Axis version 1.4 suffers from a remote code execution vulnerability.; tags | exploit, remote, code execution; advisories | CVE-2019-0227; SHA-256 | 43fdbd4445757874d097a1fddc91c93ec8a4d38cfb81f1581551cc008f2f8b94; Download | Favorite | View

Apache Tika Server Command Injection: Posted Mar 13, 2019; Authored by David Yesland; Apache Tika Server versions prior to 1.18 suffer from a command injection vulnerability.; tags | exploit; advisories | CVE-2018-1335; SHA-256 | 3e510c9ef27c350819032001fc731ccd140c0a63546f55368644de170fc5fdb0; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days