Daniel Correa

4 exploits Active since Aug 2012
CVE-2017-11355 EXPLOITDB MEDIUM text WORKING POC
Pega Platform < 7.2_ml0 - Cross-Site Scripting via PATH_INFO, beanReference, or pyTableName
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page.
CVSS 6.1
EIP-2026-118851 EXPLOITDB text WORKING POC
Microsoft Internet Explorer/Opera - Source Code viewer Null Character Handling
CVE-2012-4070 EXPLOITDB text WORKING POC
dir2web 3.0 - SQL Injection via oid Parameter
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php.
CVE-2017-11356 EXPLOITDB MEDIUM text WORKING POC
Pega Platform < 7.2_ml0 - Sensitive Configuration Exposure via Export
The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control.
CVSS 6.5