Nahuel Grisolía

14 exploits Active since Dec 2009
CVE-2010-3313 EXPLOITDB text WRITEUP
EGroupware <1.6.003-9.2.20100309 - Command Injection
phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) aspell_path or (2) spellchecker_lang parameters.
EIP-2026-110397 EXPLOITDB text WORKING POC
OSSIM 2.1.5 - Arbitrary File Upload
CVE-2010-0605 EXPLOITDB text WORKING POC
Osticket < 1.6 - SQL Injection
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
EIP-2026-110398 EXPLOITDB text WRITEUP
OSSIM 2.2 - Multiple Vulnerabilities
CVE-2009-4375 EXPLOITDB text WRITEUP
AlienVault OSSIM <2.1.5.4 - SQL Injection
SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter.
CVE-2009-4372 EXPLOITDB text WORKING POC
AlienVault OSSIM <2.1.5-4 - RCE
AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary commands via shell metacharacters in the uniqueid parameter to (1) wcl.php, (2) storage_graphs.php, (3) storage_graphs2.php, (4) storage_graphs3.php, and (5) storage_graphs4.php in sem/.
CVE-2010-3314 EXPLOITDB text WRITEUP
EGroupware <1.6.003 - XSS
Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
EIP-2026-102482 EXPLOITDB text WRITEUP
Hipergate 4.0.12 - Multiple Vulnerabilities
EIP-2026-102498 EXPLOITDB text WORKING POC
ManageEngine ServiceDesk Plus 7.6 - woID SQL Injection
EIP-2026-101841 EXPLOITDB text WRITEUP
McAfee Email Gateway (formerly IronMail) - Cross-Site Scripting
EIP-2026-101040 EXPLOITDB text WRITEUP
McAfee Email Gateway (formerly IronMail) - Denial of Service
EIP-2026-100961 EXPLOITDB text WRITEUP
McAfee Email Gateway (formerly IronMail) - Internal Information Disclosure
EIP-2026-100970 EXPLOITDB text WRITEUP
McAfee Email Gateway - Web Administration Broken Access Control
EIP-2026-100962 EXPLOITDB text WRITEUP
McAfee Email Gateway (formerly IronMail) - Local Privilege Escalation