Andreas Lindh

4 exploits, active since Apr 2016
CVE-2016-0709 EXPLOITDB HIGH ruby WORKING POC
Apache Jetspeed <2.3.1 - Path Traversal
Directory traversal vulnerability in the Import/Export function in the Portal Site Manager in Apache Jetspeed before 2.3.1 allows remote authenticated administrators to write to arbitrary files, and consequently execute arbitrary code, via a .. (dot dot) in a ZIP archive entry, as demonstrated by "../../webapps/x.jsp".
CVSS 7.2
CVE-2016-0710 METASPLOIT HIGH ruby WORKING POC
Apache Jetspeed Arbitrary File Upload
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
CVSS 8.8
CVE-2016-0784 EXPLOITDB MEDIUM text WRITEUP
Apache OpenMeetings <3.1.1 - Path Traversal
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.
CVSS 6.5
CVE-2016-0710 EXPLOITDB HIGH ruby WORKING POC
Apache Jetspeed Arbitrary File Upload
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
CVSS 8.8