George D. Gal - Security Researcher - Exploit Intelligence Platform

CVE-2010-4566 METASPLOIT ruby WORKING POC

Citrix Access Gateway <5.0 - Command Injection

The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.

View Code

CVE-2010-4566 EXPLOITDB ruby WORKING POC

Citrix Access Gateway <5.0 - Command Injection

The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.

View Code

CVE-2010-4566 EXPLOITDB text WRITEUP

Citrix Access Gateway <5.0 - Command Injection

The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.

View Code

CVE-2006-0515 EXPLOITDB java WORKING POC

Cisco PIX/ASA <7.1(2) & 7.0(<5), PIX 6.3(<5.112), FWSM 2.3(<4) & 3....

Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.

View Code