Brandon Perry

58 exploits Active since Aug 2005
CVE-2014-2849 METASPLOIT ruby WORKING POC
Sophos Web Appliance Firmware < 3.8.2 - Authenticated Admin Password Change
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
CVE-2011-4862 METASPLOIT ruby WORKING POC
GNU inetutils < 1.9 - Remote Code Execution via Long Encryption Key
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
CVE-2014-2612 EXPLOITDB ruby WORKING POC
HP Release Control <9.13-9.21 - Info Disclosure
Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain sensitive information via unknown vectors.
CVE-2014-9566 EXPLOITDB text WRITEUP
Solarwinds Orion Platform <11.5 - SQL Injection
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.
EIP-2026-116718 EXPLOITDB ruby WORKING POC
ActiveFax (ActFax) 4.3 - Client Importer Buffer Overflow (Metasploit)
CVE-2005-2103 EXPLOITDB CRITICAL text WORKING POC
Gaim < 1.5.0 - Buffer Overflow via AIM/ICQ Away Message Substitution Strings
Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.
CVSS 9.8
CVE-2014-3139 EXPLOITDB ruby WORKING POC
Unitrends Enterprise Backup 7.3.0 - Unauthenticated Authentication Bypass via SNMPD Auth Parameter
recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string.
CVE-2014-2850 EXPLOITDB ruby WORKING POC
Sophos Web Appliance Firmware < 3.8.2 - Authenticated OS Command Injection via Network Interface Address Parameter
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
EIP-2026-110348 EXPLOITDB text WORKING POC
OS Solution OSProperty 2.8.0 - SQL Injection
EIP-2026-109125 EXPLOITDB text WORKING POC
LifeSize UVC 1.2.6 - (Authenticated) Remote Code Execution
CVE-2015-2562 EXPLOITDB text WORKING POC
Web-Dorado ECommerce WD for Joomla! search_category_id SQL Injection Scanner
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.
CVE-2015-2071 EXPLOITDB text WORKING POC
eTouch SamePage Enterprise Edition 4.4.0.0.239 - Authenticated Path Traversal via filepath Parameter
Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter.
EIP-2026-105090 EXPLOITDB text WORKING POC
Alienvault 4.5.0 - (Authenticated) SQL Injection (Metasploit)
CVE-2013-3631 EXPLOITDB ruby WORKING POC
NAS4Free <= 9.1.0.1.804 - Authenticated Remote Code Execution via Advanced Execute Command Feature
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.
CVE-2013-3591 EXPLOITDB HIGH ruby WORKING POC
vtiger CRM 5.3 and 5.4 - Unrestricted Upload of File with Dangerous Type
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
CVSS 8.8
CVE-2013-3629 EXPLOITDB HIGH ruby WORKING POC
ISPConfig 3.0.5.2 - Arbitrary PHP Code Execution
ISPConfig 3.0.5.2 has an arbitrary PHP code execution vulnerability.
CVSS 8.8
CVE-2014-1610 EXPLOITDB ruby WORKING POC
MediaWiki <1.22.2/<1.21.5/<1.19.11 - RCE
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
CVE-2014-0644 EXPLOITDB text WORKING POC
EMC Cloud Tiering Appliance 10-SP1 - XML External Entity Injection via API Login Request
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
CVE-2014-4511 EXPLOITDB ruby WORKING POC
Gitlist < 0.5.0 - Remote Code Execution via Shell Metacharacters in URI
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.
CVE-2019-11703 EXPLOITDB CRITICAL text WRITEUP
Thunderbird <60.7.1 - Buffer Overflow
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
CVSS 9.8
CVE-2019-11704 EXPLOITDB CRITICAL text WRITEUP
Thunderbird <60.7.1 - Buffer Overflow
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
CVSS 9.8
CVE-2014-9095 EXPLOITDB ruby WORKING POC
Raritan Power IQ <4.2.1 - SQL Injection
Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.
CVE-2013-3630 EXPLOITDB ruby WORKING POC
Moodle SpellChecker Path Authenticated Remote Command Execution
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.
CVE-2013-3628 EXPLOITDB HIGH ruby WORKING POC
Zabbix 2.0.9 - Remote Command Execution
Zabbix 2.0.9 has an arbitrary command execution vulnerability.
CVSS 8.8
CVE-2013-3632 EXPLOITDB HIGH ruby WORKING POC
openmediavault - Authenticated Remote Code Execution via Cron Service Username Parameter
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.
CVSS 8.8