Leandro Meiners

7 exploits Active since Nov 2005
EIP-2026-114755 EXPLOITDB text WORKING POC
IBM Websphere Caching Proxy Server 5.0 2 - Denial of Service
CVE-2005-3635 EXPLOITDB text WORKING POC
SAP Web Application Server 6.10-7.00 - Cross-Site Scripting via sap-syscmd and BspApplication Parameters
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.
CVE-2005-3636 EXPLOITDB text WRITEUP
SAP Web Application Server 6.10 - Cross-Site Scripting via Error Pages
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.
CVE-2005-3634 EXPLOITDB text WRITEUP
SAP Web Application Server 6.10-7.00 - Unauthenticated Session Termination and Open Redirect
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
CVE-2006-0731 EXPLOITDB text WORKING POC
SAP Business Connector Core Fix <7 - CSRF
WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame.
CVE-2006-0731 EXPLOITDB text WRITEUP
SAP Business Connector Core Fix <7 - CSRF
WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame.
CVE-2006-0731 EXPLOITDB text WRITEUP
SAP Business Connector Core Fix <7 - CSRF
WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame.