Adrian Pastor

18 exploits, active since Jan 2007
CVE-2007-6203 EXPLOITDB bash SCANNER
Apache HTTP Server 2.0.x-2.2.x - XSS
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
CVE-2007-5105 EXPLOITDB html WORKING POC
WordPress - XSS
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter.
EIP-2026-113246 EXPLOITDB text WORKING POC
Webbler CMS 3.1.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-113144 EXPLOITDB bash WORKING POC
Vote! Pro 4.0 - Multiple PHP Code Execution Vulnerabilities
EIP-2026-113247 EXPLOITDB html WORKING POC
Webbler CMS 3.1.3 - Mail A Friend Open Email Relay
CVE-2007-6055 EXPLOITDB text WORKING POC
Liferay Portal <4.1.2 - XSS
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecified earlier date.
CVE-2007-6198 EXPLOITDB text WRITEUP
BEA AquaLogic Interaction <6.0.1.218452 - Info Disclosure
portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 and 6.0.1.218452 allows wildcards in advanced searches for usernames, which allows remote attackers to enumerate valid usernames via the in_tx_fulltext parameter.
CVE-2007-5796 EXPLOITDB text WORKING POC
Blue Coat ProxySG <4.2.6.1, <5.2.2.5 - XSS
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists.
CVE-2008-5869 EXPLOITDB text WORKING POC
Proxim Wireless Tsunami MP.11 2411 - XSS
Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 allows remote authenticated users to inject arbitrary web script or HTML via the system.sysName.0 SNMP OID.
EIP-2026-101147 EXPLOITDB text WORKING POC
3Com Wireless 8760 Dual-Radio 11a/b/g PoE - Multiple Vulnerabilities
CVE-2008-3821 EXPLOITDB text WRITEUP
Cisco IOS <12.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.
CVE-2007-6704 EXPLOITDB text WORKING POC
F5 FirePass 4100 SSL VPN <6.0.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.
CVE-2007-0528 EXPLOITDB bash WORKING POC
Centrality Communications PA168 <1.54 - Info Disclosure
The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).
CVE-2007-6270 EXPLOITDB text WRITEUP
Absolute News Manager.NET 5.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.
CVE-2007-6270 EXPLOITDB text WRITEUP
Absolute News Manager.NET 5.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.
CVE-2007-6269 EXPLOITDB text WORKING POC
Absolute News Manager.NET 5.1 - SQL Injection
Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters.
CVE-2007-6271 EXPLOITDB text WRITEUP
Absolute News Manager.NET 5.1 - Info Disclosure
Absolute News Manager.NET 5.1 allows remote attackers to obtain sensitive information via a direct request to getpath.aspx, which reveals the installation path in an error message.
CVE-2007-6268 EXPLOITDB text WORKING POC
Absolute News Manager.NET 5.1 - Path Traversal
Directory traversal vulnerability in pages/default.aspx in Absolute News Manager.NET 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.