Pedro Andujar

15 exploits Active since Jul 2006
CVE-2013-4091 EXPLOITDB WRITEUP
Imperva SecureSphere 9.0.0.5 - Password Field Autocomplete Information Disclosure
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 does not have an off autocomplete attribute for the password (aka j_password) field on the secsphLogin.jsp login page, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
CVE-2013-4092 EXPLOITDB WRITEUP
Imperva SecureSphere 9.0.0.5 - Information Disclosure via Session ID and Credential Logging
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a session ID in the jsessionid field to secsphLogin.jsp or (2) credentials in the j_password parameter to j_acegi_security_check, and reading (a) web-server access logs, (b) web-server Referer logs, or (c) the browser history.
CVE-2013-4093 EXPLOITDB WRITEUP
Imperva SecureSphere 9.0.0.5 - Information Disclosure via Direct Request
The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote attackers to obtain sensitive information via (1) a direct request to dwr/call/plaincall/AsyncOperationsContainer.getOperationState.dwr, which reveals the installation path in the s0.filePath field, or (2) a T/keyManagement request to plain/settings.html, which reveals a temporary path in an error message.
CVE-2013-4094 EXPLOITDB WRITEUP
Imperva SecureSphere - Authenticated Arbitrary File Upload via Key Management Feature
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) private_key or (2) public_key parameter in a T/keyManagement request to plain/settings.html, as demonstrated by uploading a Linux ELF file and a shell script.
CVE-2013-4096 EXPLOITDB WRITEUP
DS3 Authentication Server - Authenticated Remote Code Execution via HOST_NAME Field
ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server allows remote authenticated users to execute arbitrary commands via shell metacharacters in the HOST_NAME field.
CVE-2013-4097 EXPLOITDB WRITEUP
DS3 Authentication Server - Path Traversal via ServerAdmin/TestDRConnection.jsp
ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in a -REG-E-OPEN error message.
CVE-2019-10687 WRITEUP CRITICAL WRITEUP
KBPublisher 6.0.2.1 - SQL Injection via entry_id or id Parameter
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request.
CVSS 9.8
CVE-2015-5531 METASPLOIT ruby WORKING POC
Elasticsearch <1.6.1 - Path Traversal
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
CVE-2006-3577 EXPLOITDB perl WORKING POC
LifeType 1.0.5 - SQL Injection via Date Parameter
SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op.
CVE-2015-3337 EXPLOITDB python WORKING POC
Elasticsearch <1.4.5, <1.5.2 - Path Traversal
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2013-4727 EXPLOITDB text WRITEUP
DDSN Interactive cm3 Acora CMS - Info Disclosure
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx.
EIP-2026-103454 EXPLOITDB text WORKING POC
EDItran Communications Platform (editcp) 4.1 - Remote Buffer Overflow
CVE-2015-5531 EXPLOITDB python WORKING POC
Elasticsearch <1.6.1 - Path Traversal
Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.
CVE-2013-4095 EXPLOITDB text WRITEUP
Imperva SecureSphere 9.0.0.5 - Authenticated Remote Code Execution via Task Command Field
plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field.
CVE-2013-4098 EXPLOITDB text WRITEUP
DS3 Authentication Server - Remote Code Execution via ErrorViewer.jsp Message Parameter
ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allow remote attackers to inject arbitrary error-page text via the message parameter.