Brandon Perry

58 exploits Active since Aug 2005
CVE-2013-7392 EXPLOITDB ruby WORKING POC
Gitlist - Remote Code Execution via Shell Metacharacters in File Name
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.
CVE-2014-2937 EXPLOITDB ruby WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3220. Reason: This candidate is a reservation duplicate of CVE-2014-3220. Notes: All CVE users should reference CVE-2014-3220 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2015-2070 EXPLOITDB text WORKING POC
eTouch SamePage Enterprise Edition 4.4.0.0.239 - SQL Injection via catId Parameter
SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed.
CVE-2014-2849 EXPLOITDB ruby WORKING POC
Sophos Web Appliance Firmware < 3.8.2 - Authenticated Admin Password Change
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
CVE-2014-2587 EXPLOITDB text WRITEUP
McAfee Asset Manager 6.6 - SQL Injection
SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).
CVE-2014-2586 EXPLOITDB text WRITEUP
McAfee Cloud Single Sign On - Stored Cross-Site Scripting via Login Audit Form Password Field
Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.
CVE-2014-3008 EXPLOITDB ruby WORKING POC
Unitrends Enterprise Backup 7.3.0 - Authenticated OS Command Injection via SNMPD Comm Parameter
Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the comm parameter to recoveryconsole/bpl/snmpd.php.
CVE-2013-3617 METASPLOIT ruby WORKING POC
Openbravo ERP <= 3.0 - Authenticated XML External Entity Injection via /ws/dal/XXX Interfaces
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue.
CVE-2015-0922 METASPLOIT ruby WORKING POC
McAfee ePolicy Orchestrator < 4.6.9 and 5.x < 5.1.2 - Authenticated Credential Exposure via Shared Secret Key
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.
CVE-2014-7981 METASPLOIT ruby WORKING POC
Joomla! 3.1.x-3.2.x - SQL Injection
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-2238 METASPLOIT ruby WORKING POC
MantisBT 1.2.13-1.2.16 - Authenticated SQL Injection via filter_config_id Parameter
SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter.
CVE-2013-5967 METASPLOIT ruby WORKING POC
AlienVault OSSIM < 4.3 - SQL Injection via RadarReport Date Parameter
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/.
CVE-2014-9566 METASPLOIT ruby WORKING POC
Solarwinds Orion Platform <11.5 - SQL Injection
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.
CVE-2014-0644 METASPLOIT ruby WORKING POC
EMC Cloud Tiering Appliance 10-SP1 - XML External Entity Injection via API Login Request
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
CVE-2014-3704 METASPLOIT ruby WORKING POC
Drupal 7.0-7.31 - SQL Injection via Array Key in Database API
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
CVE-2013-3632 METASPLOIT HIGH ruby WORKING POC
openmediavault - Authenticated Remote Code Execution via Cron Service Username Parameter
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.
CVSS 8.8
CVE-2014-1610 METASPLOIT ruby WORKING POC
MediaWiki <1.22.2/<1.21.5/<1.19.11 - RCE
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
CVE-2013-3631 METASPLOIT ruby WORKING POC
NAS4Free <= 9.1.0.1.804 - Authenticated Remote Code Execution via Advanced Execute Command Feature
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.
CVE-2013-3591 METASPLOIT HIGH ruby WORKING POC
vtiger CRM 5.3 and 5.4 - Unrestricted Upload of File with Dangerous Type
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
CVSS 8.8
CVE-2013-3628 METASPLOIT HIGH ruby WORKING POC
Zabbix 2.0.9 - Remote Command Execution
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
CVSS 8.8
CVE-2013-3629 METASPLOIT HIGH ruby WORKING POC
ISPConfig 3.0.5.2 - Arbitrary PHP Code Execution
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution
CVSS 8.8
CVE-2013-4341 METASPLOIT ruby WORKING POC
Moodle < 2.2.11, 2.3.x < 2.3.9, 2.4.x < 2.4.6, 2.5.x < 2.5.2 - Cross-Site Scripting via RSS Feed Blog Link
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.
CVE-2012-10043 METASPLOIT CRITICAL ruby WORKING POC
ActFax Server <4.32 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client interface. The application fails to properly validate the length of tab-delimited fields in .exp files, leading to unsafe usage of strcpy() during CSV parsing. An attacker can exploit this vulnerability by crafting a malicious .exp file and importing it using the default character set "ECMA-94 / Latin 1 (ISO 8859)". Successful exploitation may result in arbitrary code execution, leading to full system compromise. User interaction is required to trigger the vulnerability.
CVE-2011-4862 METASPLOIT ruby WORKING POC
GNU inetutils < 1.9 - Remote Code Execution via Long Encryption Key
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
CVE-2014-4511 METASPLOIT ruby WORKING POC
Gitlist < 0.5.0 - Remote Code Execution via Shell Metacharacters in URI
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.