Andrew Fasano

10 exploits Active since Mar 2017
CVE-2016-8024 EXPLOITDB HIGH python WORKING POC
Intel Security VSEL <2.0.3 - Info Disclosure
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.
CVSS 8.1
CVE-2016-8023 EXPLOITDB HIGH python WORKING POC
Intel Security VSEL <2.0.3 - Auth Bypass
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.
CVSS 8.1
CVE-2016-8022 EXPLOITDB HIGH python WORKING POC
McAfee VirusScan Enterprise Linux < 2.0.3 - Authentication Bypass via Crafted Cookie
Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie.
CVSS 7.5
CVE-2016-8021 EXPLOITDB MEDIUM python WORKING POC
Intel Security VirusScan Enterprise Linux <2.0.3 - RCE
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.
CVSS 5.0
CVE-2016-8020 EXPLOITDB HIGH python WORKING POC
Intel Security VirusScan Enterprise Linux <2.0.3 - Code Injection
Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.
CVSS 8.0
CVE-2016-8019 EXPLOITDB MEDIUM python WORKING POC
McAfee VirusScan Enterprise Linux < 2.0.3 - Unauthenticated Cross-Site Scripting via Crafted User Input
Cross-site scripting (XSS) vulnerability in attributes in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input.
CVSS 6.1
CVE-2016-8018 EXPLOITDB MEDIUM python WORKING POC
McAfee VirusScan Enterprise Linux < 2.0.3 - Authenticated Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to execute unauthorized commands via a crafted user input.
CVSS 4.3
CVE-2016-8017 EXPLOITDB MEDIUM python WORKING POC
Intel Security VSEL <2.0.3 - Code Injection
Special element injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to read files on the webserver via a crafted user input.
CVSS 4.1
CVE-2016-8016 EXPLOITDB LOW python WORKING POC
Intel Security VirusScan Enterprise Linux <2.0.3 - Info Disclosure
Information exposure in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows authenticated remote attackers to obtain the existence of unauthorized files on the system via a URL parameter.
CVSS 3.4
CVE-2016-8025 EXPLOITDB MEDIUM python WORKING POC
Intel Security VSEL <2.0.3 - Info Disclosure
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
CVSS 6.2