Krzysztof Kotowicz

10 exploits · Active since Jun 2011
CVE-2011-4858 METASPLOIT ruby WORKING POC
Apache Tomcat < 5.5.35, 6.x < 6.0.35, 7.x < 7.0.23 - Denial of Service via Hash Collision in Form Parameters
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2011-5035 METASPLOIT ruby WORKING POC
Oracle Glassfish < 3.1.1 - Denial of Service via Predictable Hash Collisions
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.
CVE-2011-5034 METASPLOIT ruby WORKING POC
Apache Geronimo < 2.2.1 - Denial of Service via Predictable Hash Collisions
Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
CVE-2013-6805 WRITEUP WORKING POC
OpenText Exceed OnDemand 8 - Weak Password Encryption
OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file.
CVE-2013-6806 WRITEUP WORKING POC
OpenText Exceed OnDemand 8 - Man-in-the-Middle Authentication Downgrade via Crafted Response
OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information via a crafted string in a response, which triggers a downgrade to simple authentication that sends credentials in plaintext.
CVE-2013-6807 WRITEUP WORKING POC
OpenText Exceed OnDemand 8 - Man-in-the-Middle Attack via Anonymous Cipher Support
The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses.
CVE-2013-6994 WRITEUP WORKING POC
OpenText Exceed OnDemand 8 - Session Fixation via Cleartext Session ID Transmission
OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network.
CVE-2011-4885 METASPLOIT ruby WORKING POC
PHP < 5.3.9 - Denial of Service via Hash Collision in Form Parameter Handling
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
CVE-2012-1915 EXPLOITDB MEDIUM text WRITEUP
CodeIgniter < 2.1.2 - Cross-Site Scripting via xss_clean() Filter Bypass
EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() filter and perform XSS attacks.
CVSS 6.1
CVE-2011-2202 EXPLOITDB text WORKING POC
PHP < 5.3.7 - Path Traversal and Arbitrary File Write via Multipart Form-Data Filename
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a "file path injection vulnerability."