Deniz Cevik

7 exploits Active since May 2008
CVE-2008-2138 EXPLOITDB text WRITEUP
Oracle Application Server Portal 10g - Unauthenticated Directory Traversal via Trailing %0A
Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report.
CVE-2008-2167 EXPLOITDB text WORKING POC
ZyXEL ZyWALL 100 - Cross-Site Scripting via Referer Header
Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows remote attackers to inject arbitrary web script or HTML via the Referer header, which is not properly handled in a 404 Error page.
CVE-2008-2162 EXPLOITDB text WORKING POC
SonicWall Email Security 6.1.1 - Cross-Site Scripting via Host Header
Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page.
CVE-2010-1157 EXPLOITDB text WRITEUP
Apache Tomcat <6.0.26 - Info Disclosure
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
CVE-2008-3776 EXPLOITDB text WORKING POC
Fujitsu Web-Based Admin View <2.1.2 - Path Traversal
Directory traversal vulnerability in Fujitsu Web-Based Admin View 2.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVE-2008-3161 EXPLOITDB text WORKING POC
IBM Maximo 4.1 and 5.2 - Cross-Site Scripting via HTTP Headers
Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Accept, (2) Accept-Language, (3) UA-CPU, (4) Accept-Encoding, (5) User-Agent, or (6) Cookie HTTP header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-100171 EXPLOITDB text WORKING POC
BlogEngine.NET 1.6 - Directory Traversal / Information Disclosure