SecuriTeam

56 exploits, active since Nov 2000
CVE-2016-2183 EXPLOITDB HIGH text WORKING POC
Redhat Jboss Enterprise Application Platform - Information Disclosure
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
CVSS 7.5
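The birthday arithmetic behind the entry above, as an added example (not code from SecuriTeam, Red Hat or the CVE): how quickly a 64-bit block cipher in CBC mode reaches the collision region, compared with a 128-bit block, plus a filter for cipher-suite names that would negotiate DES or Triple DES. The suite names fed to the filter are constructed sample input.

```python
import math

# Added example: Sweet32 birthday bound and a DES/3DES suite filter.


def collision_probability(n_blocks: int, block_bits: int) -> float:
    """Probability that at least two of n_blocks ciphertext blocks are equal,
    using the birthday approximation 1 - exp(-n^2 / (2 * 2^b)).  In CBC mode
    two equal ciphertext blocks reveal the XOR of the corresponding plaintext
    blocks, which is what Sweet32 exploits."""
    space = 2.0 ** block_bits
    return 1.0 - math.exp(-(n_blocks ** 2) / (2.0 * space))


def blocks_for_probability(p: float, block_bits: int) -> int:
    """Blocks encrypted under one key before the collision probability
    reaches p (inverse of collision_probability)."""
    space = 2.0 ** block_bits
    return math.ceil(math.sqrt(-2.0 * space * math.log(1.0 - p)))


def bytes_for_probability(p: float, block_bits: int) -> int:
    """Same bound expressed in bytes of plaintext under one key."""
    return blocks_for_probability(p, block_bits) * (block_bits // 8)


# Substrings identifying DES / Triple DES suites in OpenSSL and IANA naming.
_DES_MARKERS = ("3DES", "DES-CBC", "DES_CBC", "DES_EDE", "DES-EDE", "DES40", "DES_40")


def suites_using_des(cipher_suite_names):
    """Suite names that select DES or Triple DES, i.e. a 64-bit block cipher.
    Feed it the output of `openssl ciphers` or a server's negotiated list."""
    return [name for name in cipher_suite_names
            if any(m in name.upper() for m in _DES_MARKERS)]


if __name__ == "__main__":
    n = 2 ** 32  # the "approximately four billion blocks" in the CVE text
    print(f"3DES, {n} blocks ({n * 8 / 1e9:.1f} GB): "
          f"P(collision) = {collision_probability(n, 64):.3f}")
    print(f"3DES: 50% collision after {bytes_for_probability(0.5, 64) / 1e9:.1f} GB")
    print(f"AES:  50% collision after {bytes_for_probability(0.5, 128) / 1e18:.1f} EB")
    sample = ["ECDHE-RSA-AES128-GCM-SHA256", "DES-CBC3-SHA",            # constructed
              "TLS_RSA_WITH_3DES_EDE_CBC_SHA", "ECDHE-RSA-DES-CBC3-SHA"]
    print("64-bit block suites:", suites_using_des(sample))
```

At 2^32 blocks (about 32 GB of traffic under one key) the collision probability is already around 39%; a 128-bit block cipher needs 2^64 blocks for the same odds, which is why the fix is to remove 3DES suites rather than to rekey more often.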
CVE-2017-16352 EXPLOITDB HIGH python WORKING POC
GraphicsMagick 1.3.26 - Buffer Overflow
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.
CVSS 8.8
CVE-2017-1092 METASPLOIT CRITICAL ruby WORKING POC
IBM Informix Open Admin Tool 11.5/11.7/12.1 - RCE
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
CVSS 9.8
CVE-2017-11471 EXPLOITDB CRITICAL WORKING POC
IDERA Uptime Monitor 7.8 - SQL Injection
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
CVSS 9.8
EIP-2026-119686 EXPLOITDB text WORKING POC
Trend Micro Deep Security 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
CVE-2017-1092 EXPLOITDB CRITICAL text WORKING POC
IBM Informix Open Admin Tool 11.5/11.7/12.1 - RCE
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
CVSS 9.8
CVE-2002-0637 EXPLOITDB perl WORKING POC
InterScan VirusWall 3.52 build 1462 - Virus Scanning Bypass
InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) "Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express.
CVE-2006-1771 EXPLOITDB text WORKING POC
SAXoTECH SAXoPRESS - Path Traversal
Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH SAXoPRESS, aka Saxotech Online (formerly Publicus) allows remote attackers to read arbitrary files and possibly execute arbitrary programs via a .. (dot dot) in the url parameter.
CVE-2017-11467 EXPLOITDB CRITICAL WORKING POC
OrientDB <= 2.2.22 - RCE
OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.
CVSS 9.8
CVE-2017-3897 EXPLOITDB CRITICAL WORKING POC
McAfee Live Safe <16.0.3, MSS+ <3.11.599.3 - Code Injection
A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via an HTTP backend response.
CVSS 9.8
CVE-2000-0836 EXPLOITDB text WRITEUP
Broadgun Software Camshot Webcam - Buffer Overflow
Buffer overflow in CamShot WebCam Trial 2.6 allows remote attackers to execute arbitrary commands via a long Authorization header.
CVE-2017-15643 EXPLOITDB HIGH WORKING POC
Ikarussecurity Ikarus Antivirus 2.16.7 - Insecure Update Channel (MITM Remote Code Execution)
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum and an update value for verification of the downloaded files. The attacker first forces the client to initiate an update transaction by modifying an update field within an HTTP 200 response, so that it refers to a nonexistent update. The attacker then modifies the HTTP 404 response so that it specifies a successfully found update, with a Trojan horse executable file (e.g., guardxup.exe) and the correct CRC32 checksum for that file.
CVSS 7.4
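Why the CRC32 in the entry above does not protect the update, as an added example (not IKARUS code or SecuriTeam's): a CRC is a public, keyless function, so the attacker who writes the HTTP response simply announces the CRC of the trojan; and even a client that pinned the legitimate file's CRC from a trusted manifest can be fooled, because four chosen trailing bytes steer CRC32 to any target value. The keyed HMAC verifier at the end is the contrast (a real updater would use a public-key signature so the client holds only a verification key). Update bytes, key and file names are constructed for illustration.

```python
import hashlib
import hmac
import struct
import zlib

# Added example: CRC32 gives no authentication; forging it to a chosen value.

_POLY = 0xEDB88320  # reflected CRC-32 polynomial, the one zlib.crc32 uses
_TABLE = []
for _n in range(256):
    _c = _n
    for _ in range(8):
        _c = (_c >> 1) ^ _POLY if _c & 1 else _c >> 1
    _TABLE.append(_c)


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def verify_update_crc32(payload: bytes, announced_crc: int) -> bool:
    """The check the entry describes: accept the file if its CRC32 equals the
    value carried in the (cleartext, attacker-modifiable) update response."""
    return crc32(payload) == announced_crc


def forge_crc32_suffix(data: bytes, target_crc: int) -> bytes:
    """Four bytes s such that crc32(data + s) == target_crc.  The CRC register
    is run backwards over the four unknown bytes (the top byte of every table
    entry is distinct, so each backward step is unambiguous); because CRC is
    linear over GF(2), the XOR of the back-computed register with the real
    one is exactly the needed bytes, little-endian."""
    reg_start = crc32(data) ^ 0xFFFFFFFF   # internal register after `data`
    want = target_crc ^ 0xFFFFFFFF         # internal register we must reach
    for _ in range(4):
        idx = next(i for i in range(256) if _TABLE[i] >> 24 == want >> 24)
        want = (((want ^ _TABLE[idx]) << 8) | idx) & 0xFFFFFFFF
    return struct.pack("<I", want ^ reg_start)


def verify_update_hmac(payload: bytes, tag: bytes, key: bytes) -> bool:
    """Keyed check as the contrast: without `key` no tag can be produced for
    any payload, padded or not."""
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def mitm_scenario() -> dict:
    """Replays the described attack against both verifiers."""
    vendor_key = b"vendor-signing-key (constructed)"
    legit_update = b"MZ...legitimate guardxup.exe (constructed)"
    trojan = b"MZ...attacker payload (constructed)"

    # Case 1, as in the entry: the attacker writes the response and the
    # checksum, so the announced CRC is simply the trojan's own CRC.
    crc_attacker_announces = crc32(trojan)

    # Case 2, a client that pinned the legitimate CRC: pad the trojan with
    # four bytes so it hits that CRC anyway.
    pinned_crc = crc32(legit_update)
    padded_trojan = trojan + forge_crc32_suffix(trojan, pinned_crc)

    legit_tag = hmac.new(vendor_key, legit_update, hashlib.sha256).digest()
    return {
        "crc_accepts_trojan": verify_update_crc32(trojan, crc_attacker_announces),
        "pinned_crc_accepts_padded_trojan": verify_update_crc32(padded_trojan, pinned_crc),
        "hmac_accepts_padded_trojan": verify_update_hmac(padded_trojan, legit_tag, vendor_key),
        "hmac_accepts_legit": verify_update_hmac(legit_update, legit_tag, vendor_key),
    }


if __name__ == "__main__":
    for name, ok in mitm_scenario().items():
        print(f"{name}: {ok}")
```

The same reasoning applies to any unkeyed digest announced over the same untrusted channel as the file: a SHA-256 in the cleartext manifest is no better than the CRC, since the attacker rewrites both. Only a signature (or a pinned hash obtained out of band, over TLS with certificate validation) ties the bytes to the vendor.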
CVE-2017-12653 EXPLOITDB HIGH WRITEUP
360totalsecurity 360 Total Security - Uncontrolled Search Path
360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.
CVSS 7.8
CVE-2017-7950 EXPLOITDB MEDIUM WORKING POC
Gonitro Nitro Pro <= 11.0.3 - Improper Input Validation
Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file.
CVSS 5.5
CVE-2017-11657 EXPLOITDB HIGH WRITEUP
Dashlane - Privilege Escalation
Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory.
CVSS 7.3
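The two DLL-planting entries above (360 Total Security via a PATH directory, Dashlane via its own %APPDATA% directory) are instances of one question: which attacker-writable directory does the loader visit before the one that holds the genuine DLL? The following added example (not vendor or SecuriTeam code) walks the documented default Windows search order with SafeDllSearchMode enabled and reports the hijack points for both cases. KnownDLLs, side-by-side manifests and SetDllDirectory/LoadLibraryEx flags are not modelled; the directories and which of them are writable are constructed sample input.

```python
# Added example: DLL search-order hijack analysis for the two cases above.


def default_search_order(app_dir, system32, windows_dir, cwd, path_entries):
    """Documented default order with SafeDllSearchMode on: application
    directory, System32, the 16-bit system directory, the Windows directory,
    the current directory, then each PATH entry in order."""
    return [app_dir, system32, windows_dir + r"\System", windows_dir, cwd, *path_entries]


def _norm(p):
    return p.rstrip("\\").lower()


def resolve_dll(dll, order, present_in):
    """Directory the loader would take `dll` from, or None if it is found
    nowhere on the search path."""
    have = {_norm(d) for d in present_in}
    for d in order:
        if _norm(d) in have:
            return d
    return None


def hijack_points(dll, order, present_in, writable):
    """Attacker-writable directories searched before the directory holding
    the genuine copy.  If the DLL exists nowhere (what "any directory in the
    PATH" in the 360 entry implies for Shcore.dll on the affected system),
    every writable directory on the path qualifies."""
    legit = resolve_dll(dll, order, present_in)
    stop = len(order) if legit is None else order.index(legit)
    w = {_norm(d) for d in writable}
    return [d for d in order[:stop] if _norm(d) in w]


def analyse_cases():
    """Both entries, with constructed paths; C:\\Python27 is assumed
    user-writable, as the 360 entry uses it for its demonstration."""
    path = [r"C:\Python27", r"C:\Windows\System32"]
    order_360 = default_search_order(r"C:\Program Files\360\Total Security",
                                     r"C:\Windows\System32", r"C:\Windows",
                                     r"C:\Users\alice", path)
    shcore = hijack_points("Shcore.dll", order_360, present_in=[],
                           writable=[r"C:\Python27", r"C:\Users\alice"])

    # Dashlane: the genuine WINHTTP.dll lives in System32, but the
    # application directory under %APPDATA% is searched first and the user
    # (or malware running as the user) can write there.
    order_dash = default_search_order(r"C:\Users\alice\AppData\Roaming\Dashlane",
                                      r"C:\Windows\System32", r"C:\Windows",
                                      r"C:\Users\alice", path)
    winhttp = hijack_points("WINHTTP.dll", order_dash,
                            present_in=[r"C:\Windows\System32"],
                            writable=[r"C:\Users\alice\AppData\Roaming\Dashlane",
                                      r"C:\Users\alice"])
    return {"Shcore.dll": shcore, "WINHTTP.dll": winhttp}


if __name__ == "__main__":
    for dll, dirs in analyse_cases().items():
        print(dll, "->", dirs or "no hijack point")
```

Note that the current directory precedes PATH in this order, so for a DLL that is absent everywhere, a writable working directory is an earlier plant point than any PATH entry; loading the DLL by full path, or calling SetDefaultDllDirectories/LoadLibraryEx with LOAD_LIBRARY_SEARCH_SYSTEM32, removes both.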
CVE-2018-6460 EXPLOITDB HIGH WORKING POC
Anchorfree Hotspot Shield - Information Disclosure
Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information including configuration. User controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, which VPN he/she is connected to, and what his/her real IP address is.
CVSS 7.5
CVE-2004-0295 EXPLOITDB perl WORKING POC
Transsoft Broker FTP Server - Denial of Service
TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a denial of service (CPU consumption) via an open idle connection.
CVE-2017-18019 EXPLOITDB HIGH WORKING POC
K7computing Total Security < 15.1.0.305 - Improper Input Validation
In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer.
CVSS 7.1
CVE-2017-13068 EXPLOITDB HIGH WORKING POC
Qnap Qts Helpdesk < 1.1.12 - SQL Injection
QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.
CVSS 7.5
CVE-2017-15579 EXPLOITDB CRITICAL WRITEUP
Phpsugar Php Melody < 2.7.3 - SQL Injection
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
CVSS 9.8
CVE-2018-5955 EXPLOITDB CRITICAL WORKING POC
GitStack <= 2.3.10 - Privilege Escalation
An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI.
CVSS 9.8
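Three of the entries on this page name a concrete request shape (IDERA getmetrics.php with an `element` parameter, GitStack's POST to rest/user/, PHP Melody's aa_pages_per_page cookie on watch.php). The following added example (not from SecuriTeam or any vendor) turns those into detection rules and runs them over a constructed JSON-lines proxy/WAF log; the log format and field names are an assumption, and a plain combined access log would not carry the cookie the PHP Melody rule needs. Treating a non-integer pages-per-page cookie as suspect is a heuristic of this example, not something the entry states.

```python
import json
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Added example: request-level detections for three entries on this page.

SQLI_HINT = re.compile(r"""(['"]|--|/\*|\bunion\b|\bor\b\s+\d+=\d+|\bsleep\(|\bbenchmark\()""", re.I)

# Constructed sample log, one JSON object per line.
SAMPLE_LOG = "\n".join([
    json.dumps({"src": "10.0.0.5", "method": "GET", "cookie": "",
                "uri": "/gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php?element=1'%20OR%201=1--"}),
    json.dumps({"src": "10.0.0.6", "method": "GET", "cookie": "",
                "uri": "/gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php?element=42"}),
    json.dumps({"src": "10.0.0.7", "method": "POST", "cookie": "", "uri": "/rest/user/"}),
    json.dumps({"src": "10.0.0.8", "method": "GET", "uri": "/watch.php?v=abc&playlist=1",
                "cookie": "aa_pages_per_page=10' UNION SELECT 1,2,3--; PHPSESSID=x"}),
    json.dumps({"src": "10.0.0.9", "method": "GET", "uri": "/watch.php?v=abc",
                "cookie": "aa_pages_per_page=10; PHPSESSID=y"}),
])


def _cookies(header: str) -> dict:
    out = {}
    for part in header.split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            out[k] = unquote(v)
    return out


def classify(rec: dict):
    """Return the CVE identifier an event matches, or None."""
    parts = urlsplit(rec["uri"])
    path = parts.path
    qs = parse_qs(parts.query, keep_blank_values=True)
    cookies = _cookies(rec.get("cookie", ""))

    # CVE-2017-11471: IDERA Uptime Monitor, SQLi via the `element` parameter.
    if path.endswith("/uptime.CapacityWhatIfGadget/getmetrics.php"):
        if any(SQLI_HINT.search(v) for v in qs.get("element", [])):
            return "CVE-2017-11471"

    # CVE-2018-5955: GitStack, unauthenticated user creation via POST rest/user/.
    if rec["method"].upper() == "POST" and path.rstrip("/").endswith("/rest/user"):
        return "CVE-2018-5955"

    # CVE-2017-15579: PHP Melody, SQLi via the aa_pages_per_page cookie on
    # watch.php.  A pages-per-page value should be an integer (heuristic).
    if path.endswith("/watch.php") and "aa_pages_per_page" in cookies:
        if not cookies["aa_pages_per_page"].isdigit():
            return "CVE-2017-15579"
    return None


def scan(log_text: str):
    """(cve, source address) for every matching line."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        cve = classify(rec)
        if cve:
            hits.append((cve, rec["src"]))
    return hits


if __name__ == "__main__":
    for cve, src in scan(SAMPLE_LOG):
        print(f"{src}\t{cve}")
```

The GitStack rule fires on every POST to rest/user/, legitimate or not, which is deliberate: an unauthenticated endpoint that creates accounts deserves a ticket for each call until the host is patched, and the noise is bounded by how often administrators actually add users.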
CVE-2017-15235 EXPLOITDB HIGH WRITEUP
Horde Groupware 5.2.21 (gollem 3.0.11) - Auth Bypass
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
CVSS 7.5
EIP-2026-107614 EXPLOITDB text WRITEUP
Horde Groupware Webmail 3/4/5 - Multiple Remote Code Executions
CVE-2017-16935 EXPLOITDB CRITICAL WORKING POC
Ametys <4.0.3 - Auth Bypass
Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by obtaining account details via a users/search.json request, and then modifying the account via an editUser request.
CVSS 9.8
CVE-2017-10355 EXPLOITDB MEDIUM WORKING POC
Oracle Java SE 6u161/7u151/8u144/9, Java SE Embedded 8u144, JRockit R28.3.15 - Denial of Service
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVSS 5.3