P. Morimoto

10 exploits Active since Apr 2017
CVE-2018-13980 EXPLOITDB MEDIUM text WRITEUP
Zeta Producer < 14.2.1 - Unauthenticated Path Traversal and File Disclosure via Filebrowser Plugin
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal.
CVSS 5.5
CVE-2016-8526 EXPLOITDB HIGH text WRITEUP
Aruba Airwave < 8.2.3.1 - XML External Entity Injection
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attack vector. Because the XML parser has access to the local filesystem and runs with the permissions of the web server, it can access any file that is readable by the web server and copy it to an external system of the attacker's choosing. This could include files that contain passwords, which could then lead to privilege escalation.
CVSS 8.8
CVE-2015-7570 EXPLOITDB HIGH text WRITEUP
Yeager CMS 1.2.1 - Server-Side Request Forgery via dbhost Parameter
Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php.
CVSS 7.2
CVE-2015-7569 EXPLOITDB HIGH text WRITEUP
Yeager CMS 1.2.1 - SQL Injection via pagedir_orderby Parameter
SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.
CVSS 8.8
CVE-2015-7568 EXPLOITDB CRITICAL text WRITEUP
Yeager CMS 1.2.1 - SQL Injection via Password Recovery UserEmail Parameter
SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.
CVSS 9.8
CVE-2015-7567 EXPLOITDB CRITICAL text WRITEUP
Yeager CMS 1.2.1 - SQL Injection via Password Reset Token Parameter
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter.
CVSS 9.8
CVE-2015-7571 EXPLOITDB HIGH text WRITEUP
Yeager CMS 1.2.1 - Unrestricted File Upload
Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
CVSS 7.8
CVE-2016-8527 EXPLOITDB MEDIUM text WRITEUP
Aruba Airwave < 8.2.3.1 - Reflected Cross-Site Scripting in VisualRF Component
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser.
CVSS 6.1
CVE-2018-13981 EXPLOITDB CRITICAL text WRITEUP
Zeta Producer Desktop CMS < 14.2.1 - Unauthenticated Remote Code Execution via PHP File Upload
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files. This is related to /assets/php/formmailer/SendEmail.php and /assets/php/formmailer/functions.php.
CVSS 9.8
CVE-2015-7572 EXPLOITDB text WRITEUP
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0237. Reason: This candidate is a duplicate of CVE-2013-0237. Notes: All CVE users should reference CVE-2013-0237 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage