SEC Consult

94 exploits Active since Dec 2005
CVE-2015-4682 EXPLOITDB MEDIUM text WRITEUP
Polycom Realpresence Resource Manager < 8.3.2 - Information Disclosure
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager.
CVSS 6.5
CVE-2015-4681 EXPLOITDB HIGH text WRITEUP
Polycom Realpresence Resource Manager < 8.3.2 - Credentials Management
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users to have unspecified impact via vectors related to weak passwords.
CVSS 7.8
CVE-2012-0393 EXPLOITDB text WORKING POC
Apache Struts <2.3.1.1 - Code Injection
The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
CVE-2012-0392 EXPLOITDB text WORKING POC
Apache Struts <2.3.1.1 - RCE
The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
CVE-2012-0391 EXPLOITDB CRITICAL text WORKING POC
Apache Struts <2.2.3.1 - RCE
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
CVSS 9.8
CVE-2016-8527 EXPLOITDB MEDIUM text WRITEUP
Aruba Airwave <8.2.3.1 - XSS
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative user click on the malicious link while currently logged into AirWave in the same browser.
CVSS 6.1
EIP-2026-119684 EXPLOITDB text WRITEUP
RSA Enterprise Compromise Assessment Tool 4.1.0.1 - XML External Entity Injection
CVE-2013-1509 EXPLOITDB text WRITEUP
Oracle WebCenter Sites - Integrity
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vectors related to WebCenter Sites.
CVE-2007-6273 EXPLOITDB text WORKING POC
SonicWALL Global VPN Client <4.0.0.810 - RCE
Multiple format string vulnerabilities in the configuration file in SonicWALL Global VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.
CVE-2013-2419 EXPLOITDB text WRITEUP
Oracle Java SE <7.17,6.43,5.41 - DoS
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.
CVE-2018-13981 EXPLOITDB CRITICAL text WRITEUP
Zeta-producer Zeta Producer Desktop CMS - Unrestricted File Upload
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files. This is related to /assets/php/formmailer/SendEmail.php and /assets/php/formmailer/functions.php.
CVSS 9.8
CVE-2012-3363 EXPLOITDB CRITICAL text WRITEUP
Zend Framework < 1.11.12 - XXE
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
CVSS 9.1
CVE-2015-7572 EXPLOITDB text WRITEUP
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0237. Reason: This candidate is a duplicate of CVE-2013-0237. Notes: All CVE users should reference CVE-2013-0237 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
EIP-2026-113502 EXPLOITDB text WRITEUP
WordPress Core 3.1.3 - SQL Injection
CVE-2018-12981 EXPLOITDB MEDIUM text WRITEUP
Wago 762-3000 Firmware < 02 - XSS
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending specially crafted requests to the web server, allowing code to be injected within the WBM. The code will be rendered and/or executed in the user's browser.
CVSS 5.4
CVE-2014-4307 EXPLOITDB text WRITEUP
WebTitan <4.04 - SQL Injection
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter.
CVE-2014-2846 EXPLOITDB text WRITEUP
Westerndigital Arkeia Virtual Appliance Firmware - Path Traversal
Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.
CVE-2013-1616 EXPLOITDB text WRITEUP
Symantec Web Gateway < 5.1 - OS Command Injection
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.
CVE-2014-4965 EXPLOITDB text WRITEUP
Shopizer <1.1.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) customername parameter to central/orders/searchcriteria.action; (2) productname, (3) availability, or (4) status parameter to central/catalog/productlist.action; or unspecified vectors in (5) WebContent/orders/orderlist.jsp.
CVE-2018-14059 EXPLOITDB MEDIUM text WRITEUP
Pimcore - XSS
Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset Metadata, Quantity Value, and Static Routes functions.
CVSS 5.4
EIP-2026-110292 EXPLOITDB text WRITEUP
OpenEMR 5.0.0 - OS Command Injection / Cross-Site Scripting
EIP-2026-110291 EXPLOITDB text WRITEUP
OpenEMR 5.0.0 - OS Command Injection / Cross-Site Scripting
CVE-2019-11600 EXPLOITDB HIGH text WRITEUP
OpenProject <8.3.2 - SQL Injection
A SQL injection vulnerability in the activities API in OpenProject before 8.3.2 allows a remote attacker to execute arbitrary SQL commands via the id parameter. The attack can be performed unauthenticated if OpenProject is configured not to require authentication for API access.
CVSS 8.1
EIP-2026-109240 EXPLOITDB text WRITEUP
Magento eCommerce - Local File Disclosure
CVE-2019-16173 EXPLOITDB MEDIUM text WRITEUP
LimeSurvey <3.17.14 - XSS
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,
CVSS 5.4