Jakub Palaczynski

15 exploits Active since Jun 2015
CVE-2015-0104 EXPLOITDB HIGH WORKING POC
IBM Maximo and Tivoli Asset Management - Authenticated Remote Code Execution
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.
CVSS 8.8
CVE-2016-3473 EXPLOITDB HIGH text WORKING POC
Oracle BI Publisher - Info Disclosure
Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.
CVSS 7.7
CVE-2015-2125 EXPLOITDB text WORKING POC
HP WebInspect 7.8-10.4 - Authenticated XML External Entity Injection
Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.
CVE-2019-8452 EXPLOITDB HIGH text WORKING POC
Check Point Endpoint Security < E80.96 and ZoneAlarm < 15.4.062 - Privilege Escalation via Hard Link
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.
CVSS 7.8
EIP-2026-109193 EXPLOITDB python WORKING POC
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
CVE-2019-3759 EXPLOITDB MEDIUM text WORKING POC
RSA Identity Governance and Lifecycle < 7.1.0 P08 - Authenticated Code Injection via Groovy Script Execution
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a code injection vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to run custom Groovy scripts to gain limited access to view or modify information on the Workflow system.
CVSS 6.4
EIP-2026-103062 EXPLOITDB python WORKING POC
Apache James Server 2.3.2 - Remote Command Execution
EIP-2026-103063 EXPLOITDB python WORKING POC
Apache James Server 2.3.2 - Remote Command Execution (RCE) (Authenticated) (2)
CVE-2019-4013 EXPLOITDB CRITICAL text WORKING POC
IBM BigFix Platform 9.5.0-9.5.10 - Authenticated Arbitrary File Upload and Remote Code Execution
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.
CVSS 9.0
CVE-2015-0107 EXPLOITDB MEDIUM text WORKING POC
IBM Maximo Asset Management 7.1-7.1.1.8, 7.5 < 7.5.0.7 IFIX003, 7.6 < 7.6.0.0 IFIX002 - Authenticated Path Traversal
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.
CVSS 6.5
CVE-2018-18865 EXPLOITDB HIGH html WORKING POC
Royal TS < 4.3.60728 and TSX < 3.3.1 - Credentials Disclosure
The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.
CVSS 8.1
CVE-2018-6443 EXPLOITDB HIGH text WORKING POC
Brocade Network Advisor < 14.3.1 - Unauthenticated Remote Code Execution via JBoss Administration Interface
A vulnerability in Brocade Network Advisor Versions before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using an undocumented user credentials and install additional JEE applications. A remote unauthenticated user who has access to Network Advisor client libraries and able to decrypt the Jboss credentials could gain access to the Jboss web console.
CVSS 8.1
CVE-2018-15691 EXPLOITDB CRITICAL python WORKING POC
CA Release Automation < 6.3.0.9945 - Remote Code Execution via Insecure Deserialization
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.
CVSS 9.8
CVE-2017-6315 EXPLOITDB CRITICAL python WORKING POC
Astaro Security Gateway 7 - Remote Code Execution via index.plx Request
Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx.
CVSS 9.8
CVE-2017-16787 EXPLOITDB MEDIUM text WORKING POC
Meinberg LANTIME <6.24.004 - Info Disclosure
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote attackers to read arbitrary files by leveraging failure to restrict URL access.
CVSS 6.5