Peter Lapp

11 exploits, active since Oct 2016
CVE-2018-9021 EXPLOITDB CRITICAL python WORKING POC
Broadcom Privileged Access Manager - Improper Privilege Management
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.
CVSS 9.8
CVE-2016-8582 METASPLOIT CRITICAL ruby WORKING POC
AlienVault OSSIM & USM <5.3.2 - SQL Injection
A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.
CVSS 9.8
CVE-2018-9022 EXPLOITDB CRITICAL python WORKING POC
Broadcom Privileged Access Manager - Improper Privilege Management
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary code or commands by poisoning a configuration file.
CVSS 9.8
CVE-2019-15627 EXPLOITDB HIGH python WORKING POC
Trend Micro Deep Security - Symlink Following
Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected.
CVSS 7.1
CVE-2017-14355 EXPLOITDB HIGH python WORKING POC
HPE Connected Backup <8.8.6 - Privilege Escalation
A potential security vulnerability has been identified in HPE Connected Backup versions 8.6 and 8.8.6. The vulnerability could be exploited locally to allow escalation of privilege.
CVSS 7.8
CVE-2016-8580 EXPLOITDB CRITICAL ruby WORKING POC
AlienVault OSSIM & USM <5.3.2 - Code Injection
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.
CVSS 9.8
CVE-2016-8581 EXPLOITDB MEDIUM text WORKING POC
AlienVault OSSIM & USM <5.3.2 - XSS
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged-in users when the current sessions are viewed by an administrator.
CVSS 6.1
CVE-2016-8580 EXPLOITDB CRITICAL text WORKING POC
AlienVault OSSIM & USM <5.3.2 - Code Injection
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.
CVSS 9.8
CVE-2016-8582 EXPLOITDB CRITICAL text WORKING POC
AlienVault OSSIM & USM <5.3.2 - SQL Injection
A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.
CVSS 9.8
EIP-2026-105095 EXPLOITDB ruby WORKING POC
Alienvault OSSIM/USM 5.3.4/5.3.5 - Remote Command Execution (Metasploit)
EIP-2026-103259 EXPLOITDB text WRITEUP
Alienvault OSSIM/USM 4.14/4.15/5.0 - Multiple Vulnerabilities