Chris Graham

8 exploits Active since Jan 2014
CVE-2013-5014 METASPLOIT ruby WORKING POC
Symantec Endpoint Protection Manager < 11.0.7405.1424 and 12.1 < 12.1.4023.4080 - XML External Entity Injection
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-5015 EXPLOITDB ruby WORKING POC
Symantec Endpoint Protection Manager 11.0-11.0.7405.1424 and 12.1-12.1.4023.4080 - Authenticated SQL Injection
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5014 EXPLOITDB python WORKING POC
Symantec Endpoint Protection Manager < 11.0.7405.1424 and 12.1 < 12.1.4023.4080 - XML External Entity Injection
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-5015 METASPLOIT ruby WORKING POC
Symantec Endpoint Protection Manager 11.0-11.0.7405.1424 and 12.1-12.1.4023.4080 - Authenticated SQL Injection
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5015 EXPLOITDB python WORKING POC
Symantec Endpoint Protection Manager 11.0-11.0.7405.1424 and 12.1-12.1.4023.4080 - Authenticated SQL Injection
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5014 EXPLOITDB ruby WORKING POC
Symantec Endpoint Protection Manager < 11.0.7405.1424 and 12.1 < 12.1.4023.4080 - XML External Entity Injection
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
EIP-2026-119159 EXPLOITDB text WORKING POC
SolarWinds Log and Event Manager/Trigeo SIM 6.1.0 - Remote Command Execution
CVE-2013-2347 EXPLOITDB python WORKING POC
HP Storage Data Protector 6.2X - Remote Code Execution via Crafted EXEC_BAR Packet
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.