Maurizio Agazzini

8 exploits Active since May 2003
CVE-2016-5983 NOMISEC HIGH WRITEUP
IBM WebSphere Application Server (WAS) <9.0.0.2 - Authenticated RCE
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11, 9.0 before 9.0.0.2, and Liberty before 16.0.0.4 allows remote authenticated users to execute arbitrary Java code via a crafted serialized object.
1 stars
CVSS 7.5
CVE-2024-3656 WRITEUP HIGH WRITEUP
Keycloak < 24.0.5 - Authenticated Privilege Escalation via Admin REST API Endpoints
A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise.
CVSS 8.1
CVE-2024-4629 WRITEUP MEDIUM WRITEUP
Keycloak < 24.0.3 - Brute Force Protection Bypass via Timing Attack
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
CVSS 6.5
CVE-2016-4534 EXPLOITDB LOW c WORKING POC
McAfee VirusScan Enterprise 8.8.0 - Local Console Unlock via Registry Handle Closure
The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan Enterprise 8.8.0 before Hotfix 1123565 (8.8.0.1546) on Windows allows local administrators to bypass intended self-protection rules and unlock the console window by closing registry handles.
CVSS 3.0
CVE-2016-3984 EXPLOITDB MEDIUM c WORKING POC
McAfee Active Response < 1.1.0.161 - Local Administrator Bypass of Self-Protection via Registry Key Modification
The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1, Data Loss Prevention Endpoint (DLPe) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control (MDC) 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Endpoint Security (ENS) 10.x before 10.1, Host Intrusion Prevention Service (IPS) 8.0 before 8.0.0.3624, and VirusScan Enterprise (VSE) 8.8 before P7 (8.8.0.1528) on Windows allows local administrators to bypass intended self-protection rules and disable the antivirus engine by modifying registry keys.
CVSS 5.1
CVE-2008-0960 EXPLOITDB text WORKING POC
Juniper Session and Resource Control 1.0.0-2.0.0 - Improper Authentication via SNMPv3 HMAC Length Manipulation
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
CVE-2003-0190 EXPLOITDB c SCANNER
OpenSSH < 3.6.1 - Username Enumeration via PAM Timing Attack
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
CVE-2016-7065 EXPLOITDB HIGH text WRITEUP
Red Hat JBoss Enterprise Application Platform 4 and 5 - Remote Code Execution via JMX Servlet Deserialization
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.
CVSS 8.8