Alejandro Alvarez Bravo

4 exploits Active since Aug 2013
CVE-2014-3081 EXPLOITDB text WORKING POC
IBM Global Console Manager <1.20.0.22575 Authenticated Arbitrary File Read via prodtest.php
prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.
CVE-2014-3080 EXPLOITDB text WORKING POC
IBM Global Console Manager <1.20.0.22575 XSS via KVM CGI or AVCT Alert Key
Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php.
CVE-2014-3085 EXPLOITDB text WORKING POC
IBM Global Console Manager 16 and 32 Firmware < 1.20.0.22575 - Authenticated OS Command Injection via lpres Parameter
systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter.
CVE-2013-0526 EXPLOITDB text WORKING POC
IBM Avocent 1754 KVM - Command Injection
ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter.