Richard Brain - Security Researcher - Exploit Intelligence Platform

EIP-2026-119339 EXPLOITDB text WRITEUP

3Com* iMC (Intelligent Management Center) - Cross-Site Scripting / Information Disclosure Flaws

View Code

EIP-2026-119340 EXPLOITDB text WRITEUP

3Com* iMC (Intelligent Management Center) - Traversal File Retrieval

View Code

EIP-2026-119093 EXPLOITDB text WRITEUP

RSA Authentication Agent for Web 5.3 - Open Redirection

View Code

EIP-2026-113888 EXPLOITDB text WORKING POC

WordPress Plugin Mediatricks Viva Thumbs - Multiple Information Disclosure Vulnerabilities

View Code

CVE-2008-0980 EXPLOITDB text WORKING POC

Spyce 2.1.3 - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy; (2) the x parameter to docs/examples/handlervalidate.spy; (3) the name parameter to spyce/examples/request.spy; (4) the Name parameter to spyce/examples/getpost.spy; (5) the mytextarea parameter, the mypass parameter, or an empty parameter to spyce/examples/formtag.spy; (6) the newline parameter to the default URI under demos/chat/; (7) the text1 parameter to docs/examples/formintro.spy; or (8) the mytext or mydate parameter to docs/examples/formtag.spy.

View Code

CVE-2008-0980 EXPLOITDB text WRITEUP

Spyce 2.1.3 - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy; (2) the x parameter to docs/examples/handlervalidate.spy; (3) the name parameter to spyce/examples/request.spy; (4) the Name parameter to spyce/examples/getpost.spy; (5) the mytextarea parameter, the mypass parameter, or an empty parameter to spyce/examples/formtag.spy; (6) the newline parameter to the default URI under demos/chat/; (7) the text1 parameter to docs/examples/formintro.spy; or (8) the mytext or mydate parameter to docs/examples/formtag.spy.

View Code

CVE-2008-0980 EXPLOITDB text WORKING POC

Spyce 2.1.3 - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy; (2) the x parameter to docs/examples/handlervalidate.spy; (3) the name parameter to spyce/examples/request.spy; (4) the Name parameter to spyce/examples/getpost.spy; (5) the mytextarea parameter, the mypass parameter, or an empty parameter to spyce/examples/formtag.spy; (6) the newline parameter to the default URI under demos/chat/; (7) the text1 parameter to docs/examples/formintro.spy; or (8) the mytext or mydate parameter to docs/examples/formtag.spy.

View Code

CVE-2008-0982 EXPLOITDB text WRITEUP

Spyce 2.1.3 - Information Disclosure via Direct Request to automaton.spy

Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to obtain sensitive information via a direct request for spyce/examples/automaton.spy, which reveals the path in an error message.

View Code

CVE-2008-0980 EXPLOITDB text WORKING POC

Spyce 2.1.3 - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy; (2) the x parameter to docs/examples/handlervalidate.spy; (3) the name parameter to spyce/examples/request.spy; (4) the Name parameter to spyce/examples/getpost.spy; (5) the mytextarea parameter, the mypass parameter, or an empty parameter to spyce/examples/formtag.spy; (6) the newline parameter to the default URI under demos/chat/; (7) the text1 parameter to docs/examples/formintro.spy; or (8) the mytext or mydate parameter to docs/examples/formtag.spy.

View Code

CVE-2008-0980 EXPLOITDB text WORKING POC

Spyce 2.1.3 - Cross-Site Scripting via Multiple Parameters

Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python Server Pages (PSP) 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the url or type parameter to docs/examples/redirect.spy; (2) the x parameter to docs/examples/handlervalidate.spy; (3) the name parameter to spyce/examples/request.spy; (4) the Name parameter to spyce/examples/getpost.spy; (5) the mytextarea parameter, the mypass parameter, or an empty parameter to spyce/examples/formtag.spy; (6) the newline parameter to the default URI under demos/chat/; (7) the text1 parameter to docs/examples/formintro.spy; or (8) the mytext or mydate parameter to docs/examples/formtag.spy.

View Code

CVE-2010-4111 EXPLOITDB text WORKING POC

HP Insight Diagnostics < 8.5.1.3712 - Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

View Code

EIP-2026-105528 EXPLOITDB text WORKING POC

BlogCFC 5.9.6.001 - Multiple Cross-Site Scripting Vulnerabilities

View Code

EIP-2026-104067 EXPLOITDB text WORKING POC

SAP BusinessObjects 12 - URI redirection / Cross-Site Scripting

View Code

CVE-2010-2103 EXPLOITDB text WORKING POC

Apache Axis2 1.4.1-1.5.1 - Cross-Site Scripting via Modules Parameter

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.

View Code

EIP-2026-103927 EXPLOITDB text WORKING POC

HP System Management Homepage 3.0.2 - 'servercert' Cross-Site Scripting

View Code

CVE-2002-2007 EXPLOITDB text WRITEUP

Apache Tomcat 3.2.3-3.2.4 - Info Disclosure

The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.

View Code

CVE-2002-2007 EXPLOITDB text WRITEUP

Apache Tomcat 3.2.3-3.2.4 - Info Disclosure

The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.

View Code

CVE-2002-2007 EXPLOITDB text WRITEUP

Apache Tomcat 3.2.3-3.2.4 - Info Disclosure

The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.

View Code

CVE-2008-5115 EXPLOITDB html WORKING POC

Sun Java System Identity Manager 6.0-6.0 SP4, 7.0, 7.1 - Cross-Site Request Forgery via Password Update

Cross-site request forgery (CSRF) vulnerability in Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 allows remote attackers to hijack the authentication of administrators for requests that update the password via idm/admin/changeself.jsp.

View Code

EIP-2026-102465 EXPLOITDB text WRITEUP

BMC Remedy Knowledge Management 7.5.00 - Default Account / Multiple Cross-Site Scripting Vulnerabilities

View Code

EIP-2026-102464 EXPLOITDB text WORKING POC

BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure

View Code

EIP-2026-101584 EXPLOITDB text WRITEUP

CheckPoint/Sofaware Firewall - Multiple Vulnerabilities

View Code

CVE-2007-6704 EXPLOITDB html WORKING POC

F5 FirePass 4100 SSL VPN <6.0.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass 4100 SSL VPN 5.4.1 through 5.5.2 and 6.0 through 6.0.1, when pre-logon sequences are enabled, allow remote attackers to inject arbitrary web script or HTML via the query string to (1) my.activation.php3 and (2) my.logon.php3.

View Code

CVE-2008-1180 EXPLOITDB text WORKING POC

Juniper Networks Secure Access 2000 5.5 R1 - XSS

Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter.

View Code

EIP-2026-101336 EXPLOITDB text WORKING POC

Juniper Networks SA2000 SSL VPN Appliance - 'welcome.cgi' Cross-Site Scripting

View Code