SEC Consult

94 exploits Active since Dec 2005
EIP-2026-108993 EXPLOITDB text WRITEUP
Kerio Control Unified Threat Management 9.1.0 build 1087/9.1.1 build 1324 - Multiple Vulnerabilities
EIP-2026-107690 EXPLOITDB text WRITEUP
I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
EIP-2026-107691 EXPLOITDB text WRITEUP
I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
EIP-2026-105939 EXPLOITDB text WRITEUP
ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection
EIP-2026-105940 EXPLOITDB text WRITEUP
ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection
EIP-2026-105017 EXPLOITDB text WORKING POC
Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities
EIP-2026-104351 EXPLOITDB html WRITEUP
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
CVE-2014-9226 EXPLOITDB text WORKING POC
Symantec SCSP <5.2.9, SDCS:SA <6.0 MP1 - Auth Bypass
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.
CVE-2014-9304 EXPLOITDB text WRITEUP
Plex Media Server < 0.9.9.2 - Server-Side Request Forgery and Authentication Bypass via X-Plex-Url Header
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server.
CVE-2012-3186 EXPLOITDB text WRITEUP
Oracle WebCenter Sites - Info Disclosure
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3183 and CVE-2012-3185.
EIP-2026-104353 EXPLOITDB html WRITEUP
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
EIP-2026-104352 EXPLOITDB html WRITEUP
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
EIP-2026-104250 EXPLOITDB text WRITEUP
FirePass SSL VPN - Local File Inclusion
EIP-2026-104072 EXPLOITDB text WRITEUP
Sawmill Enterprise < 8.1.7.3 - Multiple Vulnerabilities
CVE-2012-0394 EXPLOITDB text WORKING POC
Apache Struts 2.0.0-2.3.16 - Remote Code Execution via DebuggingInterceptor
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself.
CVE-2015-1482 EXPLOITDB text WRITEUP
Ansible Tower < 2.0.4 - Unauthenticated Sensitive Information Exposure via WebSocket Connection
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.
CVE-2009-5135 EXPLOITDB text WRITEUP
Echo < 2.1.1 and 3.x < 3.0.b6 - XML External Entity Injection
The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2013-2643 EXPLOITDB text WRITEUP
Sophos Web Appliance <3.7.8.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftp_redirect.php, or (4) threat parameter to the Blocked component.
EIP-2026-103533 EXPLOITDB text WRITEUP
Libmodplug ReadS3M - Stack Overflow
CVE-2013-2160 EXPLOITDB text WRITEUP
Apache CXF 2.5.0-2.5.9, 2.6.0-2.6.6, 2.7.0-2.7.3 - Denial of Service via Crafted XML
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.
EIP-2026-103395 EXPLOITDB text WRITEUP
Airlock WAF 4.2.4 - Overlong UTF-8 Sequence Bypass
CVE-2014-5350 EXPLOITDB text WRITEUP
Bitdefender GravityZone < 5.1.5.386 - Path Traversal via Web Console or Update Server
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server.
CVE-2005-4080 EXPLOITDB perl WORKING POC
Horde IMP <= 4.0.4 - Cross-Site Scripting via UTF16 Null Character Handling
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.
CVE-2014-7208 EXPLOITDB text WRITEUP
GParted <0.15.0 - Command Injection
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.
CVE-2006-1834 EXPLOITDB text WORKING POC
Opera < 8.54 - Remote Code Execution via Stylesheet Attribute Length Check Bypass
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings.