Brandon Perry

58 exploits, active since Aug 2005
CVE-2014-2849 METASPLOIT ruby WORKING POC
Sophos Web Appliance Firmware < 3.8.1.1 - Access Control
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
CVE-2011-4862 METASPLOIT ruby WORKING POC
GNU Inetutils < 1.9 - Buffer Overflow
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
CVE-2014-2612 EXPLOITDB ruby WORKING POC
HP Release Control <9.13-9.21 - Info Disclosure
Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain sensitive information via unknown vectors.
CVE-2014-9566 EXPLOITDB text WRITEUP
Solarwinds Orion Platform <11.5 - SQL Injection
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.
EIP-2026-116718 EXPLOITDB ruby WORKING POC
ActiveFax (ActFax) 4.3 - Client Importer Buffer Overflow (Metasploit)
CVE-2005-2103 EXPLOITDB CRITICAL text WORKING POC
Gaim < 1.5.0 - Buffer Overflow
Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.
CVSS 9.8
CVE-2014-3139 EXPLOITDB ruby WORKING POC
Unitrends Enterprise Backup - Authentication Bypass
recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string.
CVE-2014-2850 EXPLOITDB ruby WORKING POC
Sophos Web Appliance Firmware < 3.8.1.1 - OS Command Injection
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
EIP-2026-110348 EXPLOITDB text WORKING POC
OS Solution OSProperty 2.8.0 - SQL Injection
EIP-2026-109125 EXPLOITDB text WORKING POC
LifeSize UVC 1.2.6 - (Authenticated) Remote Code Execution
CVE-2015-2562 EXPLOITDB text WORKING POC
Web-Dorado ECommerce WD for Joomla! search_category_id SQL Injection Scanner
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.
CVE-2015-2071 EXPLOITDB text WORKING POC
Etouch Samepage - Path Traversal
Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter.
EIP-2026-105090 EXPLOITDB text WORKING POC
Alienvault 4.5.0 - (Authenticated) SQL Injection (Metasploit)
CVE-2013-3631 EXPLOITDB ruby WORKING POC
Nas4free < 9.1.0.1.804 - Code Injection
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality by the developer and is allowed within the intended security policy.
CVE-2013-3591 EXPLOITDB HIGH ruby WORKING POC
Vtiger Crm - Unrestricted File Upload
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
CVSS 8.8
CVE-2013-3629 EXPLOITDB HIGH ruby WORKING POC
ISPConfig 3.0.5.2 - Code Injection
ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution
CVSS 8.8
CVE-2014-1610 EXPLOITDB ruby WORKING POC
MediaWiki <1.22.2/<1.21.5/<1.19.11 - RCE
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
CVE-2014-0644 EXPLOITDB text WORKING POC
EMC Cloud Tiering Appliance Software - Information Disclosure
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
CVE-2014-4511 EXPLOITDB ruby WORKING POC
Gitlist <0.5.0 - RCE
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.
CVE-2019-11703 EXPLOITDB CRITICAL text WRITEUP
Thunderbird <60.7.1 - Buffer Overflow
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
CVSS 9.8
CVE-2019-11704 EXPLOITDB CRITICAL text WRITEUP
Thunderbird <60.7.1 - Buffer Overflow
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
CVSS 9.8
CVE-2014-9095 EXPLOITDB ruby WORKING POC
Raritan Power IQ <4.2.1 - SQL Injection
Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.
CVE-2013-3630 EXPLOITDB ruby WORKING POC
Moodle SpellChecker Path Authenticated Remote Command Execution
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.
CVE-2013-3628 EXPLOITDB HIGH ruby WORKING POC
Zabbix - Injection
Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability
CVSS 8.8
CVE-2013-3632 EXPLOITDB HIGH ruby WORKING POC
Openmediavault - Access Control
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.
CVSS 8.8