Brandon Perry

58 exploits Active since Aug 2005
CVE-2011-4862 EXPLOITDB ruby WORKING POC
GNU inetutils < 1.9 - Remote Code Execution via Long Encryption Key
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
CVE-2014-3138 EXPLOITDB text WORKING POC
Xerox DocuShare - Authenticated SQL Injection via PATH_INFO to ResultBackgroundJobMultiple
SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information.
CVE-2014-9000 EXPLOITDB text WORKING POC
Mule Enterprise Management Console - Privilege Escalation
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC.
CVE-2014-2588 EXPLOITDB text WRITEUP
McAfee Asset Manager 6.6 - Path Traversal
Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter.
CVE-2014-3220 EXPLOITDB ruby WORKING POC
F5 BIG-IQ Cloud and Security 4.0.0-4.1.0 - Authenticated Arbitrary Password Change via User Name Parameter
F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.
EIP-2026-100785 EXPLOITDB ruby WORKING POC
Device42 WAN Emulator 2.3 - Ping Command Injection (Metasploit)
EIP-2026-100786 EXPLOITDB ruby WORKING POC
Device42 WAN Emulator 2.3 - Traceroute Command Injection (Metasploit)
CVE-2011-4862 EXPLOITDB ruby WORKING POC
GNU inetutils < 1.9 - Remote Code Execution via Long Encryption Key
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.