Jacob Holcomb

20 exploits Active since Mar 2003
CVE-2012-0285 EXPLOITDB WRITEUP
Stoneware webNetwork <6.0.8.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork before 6.0.8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-1114 EXPLOITDB WORKING POC
Cisco Unity Express < 8.0 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527.
CVE-2013-3098 EXPLOITDB html WORKING POC
TRENDnet TEW-812DRU <1.0.9.0 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change admin credentials in a request to setSysAdm.cgi, (2) enable remote management or (3) enable port forwarding in an Apply action to uapply.cgi, or (4) have unspecified impact via a request to setNTP.cgi. NOTE: some of these details are obtained from third party information.
CVE-2002-1549 EXPLOITDB python WORKING POC
Light HTTPd 0.1 - Remote Code Execution via Long HTTP GET Request
Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
CVE-2012-5106 EXPLOITDB python WORKING POC
FreeFloat FTP Server 1.0 - Buffer Overflow
Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote authenticated users to execute arbitrary code via a long string in a PUT command.
CVE-2013-4743 EXPLOITDB CRITICAL python WORKING POC
Static HTTP Server 1.0 - Buffer Overflow
Static HTTP Server 1.0 has a Local Overflow
CVSS 9.8
CVE-2013-4888 EXPLOITDB text WORKING POC
Xibo 1.4.2 - Cross-Site Scripting via Layout Parameter
Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page.
CVE-2013-4889 EXPLOITDB html WORKING POC
Digital Signage Xibo 1.4.2 - Cross-Site Request Forgery in index.php
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new administrator via the AddUser action or (2) conduct cross-site scripting (XSS) attacks, as demonstrated by CVE-2013-4888.
CVE-2012-3859 EXPLOITDB text WORKING POC
Netsweeper WebAdmin Portal - Impact Unknown
Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447.
CVE-2013-4659 EXPLOITDB CRITICAL python WORKING POC
ASUS RT-AC66U and TRENDnet TEW-812DRU Firmware - Remote Code Execution via ACSD TCP Port 5916 Buffer Overflow
Buffer overflow in Broadcom ACSD allows remote attackers to execute arbitrary code via a long string to TCP port 5916. This component is used on routers of multiple vendors including ASUS RT-AC66U and TRENDnet TEW-812DRU.
CVSS 9.8
CVE-2012-0286 EXPLOITDB text WRITEUP
Stoneware webNetwork <6.0.8.0 - CSRF
Cross-site request forgery (CSRF) vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to hijack the authentication of unspecified victims for requests that modify user accounts.
CVE-2012-4051 EXPLOITDB text WORKING POC
JAMF Casper Suite < 8.61 - Cross-Site Request Forgery via Save Action
Multiple cross-site request forgery (CSRF) vulnerabilities in editAccount.html in the JAMF Software Server (JSS) interface in JAMF Casper Suite before 8.61 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts or (2) change passwords via a Save action.
CVE-2013-1120 EXPLOITDB text WORKING POC
Cisco Unity Express Software < 8.0 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities on the Cisco Unity Express with software before 8.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCue35910.
CVE-2013-0126 EXPLOITDB text WORKING POC
Verizon FIOS Actiontec MI424WR-GEN3I Router Firmware 40.19.36 - Cross-Site Request Forgery via index.cgi
Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.
CVE-2013-3365 EXPLOITDB html WORKING POC
TRENDnet TEW-812DRU - Authenticated OS Command Injection via Multiple Parameters
TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098.
CVE-2013-6343 EXPLOITDB python WORKING POC
ASUS RT-N56U and RT-AC66U Firmware 3.0.0.4.374_979 - Remote Code Execution via apps_name or apps_flag Parameter
Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp.
CVE-2013-2645 EXPLOITDB html WORKING POC
TP-LINK WR1043N Firmware TL-WR1043ND_V1_120405 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory traversal") to /tmp via the shareEntire parameter to userRpm/NasFtpCfgRpm.htm, (2) change the FTP administrative password via the nas_admin_pwd parameter to userRpm/NasUserAdvRpm.htm, (3) enable FTP on the WAN interface via the internetA parameter to userRpm/NasFtpCfgRpm.htm, (4) launch the FTP service via the startFtp parameter to userRpm/NasFtpCfgRpm.htm, or (5) enable or disable bandwidth limits via the QoSCtrl parameter to userRpm/QoSCfgRpm.htm.
CVE-2013-3095 EXPLOITDB html WORKING POC
D-Link DIR865L Firmware < 1.05b07 - Cross-Site Request Forgery via hedwig.cgi or pigwidgeon.cgi
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. A1) with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password or (2) enable remote management via a request to hedwig.cgi or (3) activate configuration changes via a request to pigwidgeon.cgi.
CVE-2013-3083 EXPLOITDB html WORKING POC
Belkin F5D8236-4 v2 - Cross-Site Request Forgery via remote_mgmt_enabled and remote_mgmt_port Parameters
Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and remote_mgmt_port parameters.
CVE-2012-6007 EXPLOITDB text WORKING POC
Cisco Wireless LAN Controller Software 7.2.110.0 - Authenticated Stored Cross-Site Scripting via Headline Parameter
Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992.