BugSec LTD

5 exploits Active since Mar 2008
CVE-2008-1230 EXPLOITDB text WRITEUP
JSPWiki 2.4.104 and 2.5.139 - Unauthenticated Arbitrary File Upload and Remote Code Execution via JSP File Attachment
Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an "entry page."
CVE-2008-1229 EXPLOITDB text WRITEUP
JSPWiki 2.4.104 and 2.5.139 - Cross-Site Scripting via Editor Parameter
Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to inject arbitrary web script or HTML via the editor parameter, a different vector than CVE-2007-5120.b.
EIP-2026-110314 EXPLOITDB text WRITEUP
OpenNMS < 1.5.96 - Multiple Vulnerabilities
EIP-2026-104014 EXPLOITDB text WORKING POC
OpenNMS 1.5.x - HTTP Response Splitting
CVE-2008-1231 EXPLOITDB text WRITEUP
JSPWiki 2.4.104 and 2.5.139 - Path Traversal via Edit.jsp Editor Parameter
Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to include and execute arbitrary local .jsp files, and obtain sensitive information, via a .. (dot dot) in the editor parameter.