Fatih Kilic

6 exploits, active since Nov 2010
CVE-2010-3895 EXPLOITDB text WORKING POC
IBM OmniFind < 9.0 - Access Control
esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument.
CVE-2010-3891 EXPLOITDB html WORKING POC
IBM OmniFind < 9.0 - CSRF
Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action.
CVE-2010-3893 EXPLOITDB text WORKING POC
IBM OmniFind - Access Control
The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue.
CVE-2010-4236 EXPLOITDB text WORKING POC
IBM OmniFind EE < 9.1 - Privilege Escalation
Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895.
CVE-2010-3894 EXPLOITDB text WRITEUP
IBM OmniFind < 8.5 - Memory Corruption
Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Enterprise Edition before 8.5 FP6 allows remote attackers to execute arbitrary code via a long password.
CVE-2010-3899 EXPLOITDB php WORKING POC
IBM OmniFind - Resource Management Error
IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents.