Cyrill Brunschwiler

4 exploits Active since Oct 2007
CVE-2012-2315 EXPLOITDB WORKING POC
OpenKM <5.1.8-2 - Privilege Escalation
admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action.
CVE-2007-5636 EXPLOITDB java WORKING POC
Nortel IP Softphone 2050 - Buffer Overflow via RTCP Port Flood
Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via a flood of invalid characters to the RTCP port (5678/udp) that triggers a Windows error message, aka "extraneous messaging."
EIP-2026-102528 EXPLOITDB text WORKING POC
OpenKM 5.1.7 - Cross-Site Request Forgery
CVE-2012-2316 EXPLOITDB text WORKING POC
OpenKM < 5.1.8-2 - Cross-Site Request Forgery via Admin Scripting Endpoint
Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp.