David Kierznowski

6 exploits Active since Dec 2006
CVE-2020-8241 NOMISEC HIGH WORKING POC
Pulse Secure Desktop Client < 9.1R9 - Man In The Middle
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server.
24 stars
CVSS 7.5
CVE-2007-4104 EXPLOITDB text WRITEUP
WP-FeedStats < 2.1 - Cross-Site Scripting via RSS2 Feed Query String
Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with an invalid or missing blog with an XSS sequence in the query string.
CVE-2006-6808 EXPLOITDB text WORKING POC
WordPress 2.0.5 - Cross-Site Scripting via File Parameter in wp-admin/templates.php
Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php.
CVE-2007-2714 EXPLOITDB html WORKING POC
Akismet WordPress Plugin <2.0.2 akismet.php - Unspecified Vulnerability
Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors.
CVE-2007-5229 EXPLOITDB javascript WORKING POC
FeedBurner FeedSmith 2.2 - Cross-Site Request Forgery via wp-admin/options-general.php
Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurner_FeedSmith_Plugin.php, as demonstrated by the (1) feedburner_url and (2) feedburner_comments_url parameters.
CVE-2009-0037 EXPLOITDB text WORKING POC
curl 5.11-7.19.3 - Remote Request Smuggling via Redirect Location Header
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.