Bernhard Mueller

13 exploits Active since Oct 2005
CVE-2014-6271 EXPLOITDB CRITICAL text WRITEUP
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS 9.8
CVE-2009-0880 METASPLOIT ruby WORKING POC
IBM Director < 5.20.3 - Remote Code Execution via CIM Server Path Traversal
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
CVE-2014-9436 EXPLOITDB text WORKING POC
SysAid On-Premise <14.4.2 - Path Traversal
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.
CVE-2009-0880 EXPLOITDB ruby WORKING POC
IBM Director < 5.20.3 - Remote Code Execution via CIM Server Path Traversal
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
CVE-2009-0880 EXPLOITDB perl WORKING POC
IBM Director < 5.20.3 - Remote Code Execution via CIM Server Path Traversal
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
CVE-2009-0879 EXPLOITDB text WRITEUP
IBM Director < 5.20.3 - Denial of Service via Long Consumer Name
The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.
CVE-2005-3550 EXPLOITDB text WRITEUP
toendaCMS < 0.6.1 - Directory Traversal via id_user Parameter
Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter.
CVE-2014-8008 EXPLOITDB text WRITEUP
Cisco Unified Communications Manager - Authenticated Absolute Path Traversal via RTMT API
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.
CVE-2006-2341 EXPLOITDB perl WORKING POC
Symantec Enterprise Firewall 8.0 / Gateway Security 2.0.1-3.0 - Internal IP Address Exposure
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.
CVE-2012-4528 EXPLOITDB text WORKING POC
Trustwave ModSecurity < 2.7.0 - Rule Bypass via Malformed Multipart Request
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
CVE-2007-5740 EXPLOITDB text WORKING POC
Perdition Mail Retrieval Proxy < 1.17 - Remote Code Execution via IMAP Tag Format String Injection
The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
EIP-2026-102536 EXPLOITDB text WRITEUP
Sybase EAServer 6.3.1 - Multiple Vulnerabilities
CVE-2005-3329 EXPLOITDB text WORKING POC
RSA Authentication Agent for Web < 5.3 - Cross-Site Scripting via Image Parameter in GetPic Operation
Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation.