CoreLabs

8 exploits Active since Oct 2009
CVE-2017-11398 EXPLOITDB HIGH WORKING POC
Trend Micro Smart Protection Server <3.2 - SSRF
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.
CVSS 8.8
CVE-2017-14096 EXPLOITDB MEDIUM WORKING POC
Trend Micro Smart Protection Server <3.2 - XSS
A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems.
CVSS 6.1
CVE-2017-14095 EXPLOITDB HIGH WORKING POC
Trend Micro Smart Protection Server <3.2 - RCE
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system.
CVSS 8.1
CVE-2017-14094 EXPLOITDB CRITICAL WORKING POC
Trend Micro Smart Protection Server <3.2 - Command Injection
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.
CVSS 9.8
CVE-2017-14097 EXPLOITDB CRITICAL WORKING POC
Trend Micro Smart Protection Server <3.2 - Info Disclosure
An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system.
CVSS 9.8
CVE-2009-2898 EXPLOITDB text WRITEUP
SpringSource Hyperic HQ 3.2.x-4.2-beta1 - Authenticated Cross-Site Scripting via Alerts List Description Field
Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users to inject arbitrary web script or HTML via the Description field. NOTE: some of these details are obtained from third party information.
CVE-2018-7445 EXPLOITDB CRITICAL python WORKING POC
MikroTik RouterOS < 6.41.3 - Unauthenticated Remote Code Execution via SMB NetBIOS Session Request
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.
CVSS 9.8
CVE-2012-2619 EXPLOITDB python WORKING POC
Broadcom BCM4325 and BCM4329 - Denial of Service via RSN 802.11i Information Element
The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.