NSFOCUS Security Team

7 exploits Active since Jul 2001
CVE-2013-1966 METASPLOIT ruby WORKING POC
Apache Struts < 2.3.14.1 - Code Injection
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
CVE-2013-2115 METASPLOIT HIGH ruby WORKING POC
Apache Struts < 2.3.14.1 - Code Injection
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
CVSS 8.1
CVE-2001-0341 EXPLOITDB c WORKING POC
Microsoft Frontpage Server Extensions - Buffer Overflow
Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll.
CVE-2001-0341 EXPLOITDB WORKING POC
Microsoft Frontpage Server Extensions - Buffer Overflow
Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll.
CVE-2001-0652 EXPLOITDB c WORKING POC
Solaris 2.6-8 - Privilege Escalation
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.
CVE-2001-0652 EXPLOITDB c WORKING POC
Solaris 2.6-8 - Privilege Escalation
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.
CVE-2001-0548 EXPLOITDB c WORKING POC
SUN Solaris - Buffer Overflow
Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.