Matthew Hall

9 exploits Active since Aug 2006
CVE-2014-0094 EXPLOITDB ruby WORKING POC
Apache Struts 2.0.0-2.3.16.1 - Remote Code Execution via Class Parameter Manipulation
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method.
CVE-2014-0112 EXPLOITDB ruby WORKING POC
Apache Struts 2.0.0-2.3.16.1 and struts2-core < 2.3.20 - Remote Code Execution via ParametersInterceptor
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
CVE-2014-0112 METASPLOIT ruby WORKING POC
Apache Struts 2.0.0-2.3.16.1 and struts2-core < 2.3.20 - Remote Code Execution via ParametersInterceptor
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
CVE-2014-2623 METASPLOIT ruby WORKING POC
HP Storage Data Protector 8.x - Remote Code Execution
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2013-0810 METASPLOIT HIGH ruby WORKING POC
Windows XP/Vista/Server 2003/2008 RCE via Crafted Screensaver in Theme File
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, and Windows Server 2008 SP2 allow remote attackers to execute arbitrary code via a crafted screensaver in a theme file, aka "Windows Theme File Remote Code Execution Vulnerability."
CVSS 8.1
CVE-2014-2623 EXPLOITDB ruby WORKING POC
HP Storage Data Protector 8.x - Remote Code Execution
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2014-0114 EXPLOITDB ruby WORKING POC
Apache Commons BeanUtils <1.9.2 - RCE
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, as demonstrated by the passing of this parameter to the getClass method of the ActionForm object in Struts 1.
CVE-2006-4081 EXPLOITDB text WORKING POC
Barracuda Spam Firewall (BSF) <3.3.03.053 - Command Injection
preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.
CVE-2006-4081 EXPLOITDB text WORKING POC
Barracuda Spam Firewall (BSF) <3.3.03.053 - Command Injection
preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.