Patrick Hof

13 exploits Active since May 2005
CVE-2007-1036 METASPLOIT ruby WORKING POC
JBoss Application Server - Unauthenticated Administrative Access via Default Configuration
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
CVE-2010-0738 METASPLOIT MEDIUM ruby WORKING POC
JBoss JMX Console Deployer Upload and Execute
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
CVSS 5.3
CVE-2010-0738 METASPLOIT MEDIUM ruby WORKING POC
JBoss JMX Console Deployer Upload and Execute
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
CVSS 5.3
CVE-2010-0738 METASPLOIT MEDIUM ruby WORKING POC
JBoss JMX Console Deployer Upload and Execute
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
CVSS 5.3
CVE-2007-1036 METASPLOIT ruby WORKING POC
JBoss Application Server - Unauthenticated Administrative Access via Default Configuration
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
CVE-2005-0251 EXPLOITDB text WRITEUP
BibORB 1.3.2 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter.
CVE-2005-0251 EXPLOITDB text WRITEUP
BibORB 1.3.2 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter.
CVE-2005-0253 EXPLOITDB text WRITEUP
BibORB 1.3.2 - Path Traversal via Database Name Parameter
Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter.
CVE-2005-0252 EXPLOITDB text WORKING POC
BibORB 1.3.2 - SQL Injection via Username or Password
SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password.
CVE-2007-1036 EXPLOITDB ruby WORKING POC
JBoss Application Server - Unauthenticated Administrative Access via Default Configuration
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
CVE-2007-1036 EXPLOITDB ruby WORKING POC
JBoss Application Server - Unauthenticated Administrative Access via Default Configuration
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
CVE-2010-0738 EXPLOITDB MEDIUM ruby WORKING POC
JBoss JMX Console Deployer Upload and Execute
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
CVSS 5.3
CVE-2010-0738 EXPLOITDB MEDIUM ruby WORKING POC
JBoss JMX Console Deployer Upload and Execute
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
CVSS 5.3