RedTeam Pentesting

38 exploits Active since Feb 2005
CVE-2018-9843 EXPLOITDB CRITICAL text WORKING POC
CyberArk Password Vault < 9.9.5 and 10.x < 10.1 - Remote Code Execution via REST API Authorization Header
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute arbitrary code via a serialized .NET object in an Authorization HTTP header.
CVSS 9.8
EIP-2026-102446 EXPLOITDB text WORKING POC
REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution
EIP-2026-102445 EXPLOITDB text WORKING POC
REDDOXX Appliance Build 2032 / 2.0.625 - Arbitrary File Disclosure
CVE-2015-2805 EXPLOITDB text WORKING POC
Alcatel-Lucent OmniSwitch Firmware < 6.4.5.r02 - Cross-Site Request Forgery via User Creation
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.
CVE-2014-9303 EXPLOITDB text WRITEUP
EntryPass N5200 Active Network Control Panel - Unauthenticated Exposure of Sensitive Information via URL Character Range
EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or A through D, different vectors than CVE-2014-8868.
CVE-2019-1652 EXPLOITDB HIGH text WORKING POC
Cisco RV320 and RV325 Firmware 1.4.2.15-1.4.2.21 - Authenticated Remote Code Execution via HTTP POST Request
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.
CVSS 7.2
EIP-2026-101503 EXPLOITDB text WRITEUP
ZyWALL USG Appliance - Multiple Vulnerabilities
EIP-2026-101168 EXPLOITDB text WRITEUP
AVM FRITZ!Box < 6.30 - Remote Buffer Overflow
CVE-2014-6137 EXPLOITDB text WRITEUP
IBM Tivoli Endpoint Manager < 9.1.1117 - Cross-Site Scripting in Relay Diagnostic Page
Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-3014 EXPLOITDB text WRITEUP
activeWeb contentserver < 5.6.2964 - Cross-Site Scripting via msg Parameter or MIME Type
Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype).
CVE-2014-2575 EXPLOITDB text WRITEUP
Devexpress Aspxfilemanager Control For Webforms And Mvc < 13.1.9 - Path Traversal
Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.
CVE-2007-3014 EXPLOITDB text WRITEUP
activeWeb contentserver < 5.6.2964 - Cross-Site Scripting via msg Parameter or MIME Type
Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype).
CVE-2007-3013 EXPLOITDB text WRITEUP
activeWeb contentserver < 5.6.2964 - Authenticated SQL Injection via id Parameter
SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors.