SecuriTeam

57 exploits, active since Nov 2000
CVE-2017-2796 EXPLOITDB WORKING POC
Nitro Pro PDF - Multiple Vulnerabilities
CVE-2016-2183 EXPLOITDB HIGH text WORKING POC
Redhat Jboss Enterprise Application Platform - Information Disclosure
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
CVSS 7.5
CVE-2017-16352 EXPLOITDB HIGH python WORKING POC
GraphicsMagick 1.3.26 - Buffer Overflow
GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.
CVSS 8.8
CVE-2017-1092 METASPLOIT CRITICAL ruby WORKING POC
IBM Informix Open Admin Tool <12.1 - RCE
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
CVSS 9.8
CVE-2017-11471 EXPLOITDB CRITICAL WORKING POC
IDERA Uptime Monitor 7.8 - SQL Injection
IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php via the element parameter.
CVSS 9.8
EIP-2026-119686 EXPLOITDB text WORKING POC
Trend Micro Deep Security 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
CVE-2017-1092 EXPLOITDB CRITICAL text WORKING POC
IBM Informix Open Admin Tool <12.1 - RCE
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
CVSS 9.8
CVE-2006-1771 EXPLOITDB text WORKING POC
SAXoTECH SAXoPRESS - Path Traversal
Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH SAXoPRESS, aka Saxotech Online (formerly Publicus) allows remote attackers to read arbitrary files and possibly execute arbitrary programs via a .. (dot dot) in the url parameter.
CVE-2017-11467 EXPLOITDB CRITICAL WORKING POC
OrientDB < 2.2.22 - Remote Code Execution via Unprivileged Query Operations
OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.
CVSS 9.8
CVE-2002-0637 EXPLOITDB perl WORKING POC
InterScan VirusWall 3.52 build 1462 - Auth Bypass
InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass virus protection via e-mail messages with headers that violate RFC specifications by having (or missing) space characters in unexpected places (aka "space gap"), such as (1) "Content-Type :", (2) "Content-Transfer-Encoding :", (3) no space before a boundary declaration, or (4) "boundary= ", which is processed by Outlook Express.
CVE-2017-3897 EXPLOITDB CRITICAL WORKING POC
McAfee Live Safe <16.0.3, MSS+ <3.11.599.3 - Code Injection
A Code Injection vulnerability in the non-certificate-based authentication mechanism in McAfee Live Safe versions prior to 16.0.3 and McAfee Security Scan Plus (MSS+) versions prior to 3.11.599.3 allows network attackers to perform a malicious file execution via a HTTP backend-response.
CVSS 9.8
CVE-2000-0836 EXPLOITDB text WRITEUP
CamShot WebCam Trial 2.6 - Remote Code Execution via Long Authorization Header
Buffer overflow in CamShot WebCam Trial 2.6 allows remote attackers to execute arbitrary commands via a long Authorization header.
CVE-2017-15643 EXPLOITDB HIGH WORKING POC
IKARUS Anti Virus 2.16.7 - Remote Code Execution via HTTP Update Response Manipulation
An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. IKARUS AV for Windows uses cleartext HTTP for updates along with a CRC32 checksum and an update value for verification of the downloaded files. The attacker first forces the client to initiate an update transaction by modifying an update field within an HTTP 200 response, so that it refers to a nonexistent update. The attacker then modifies the HTTP 404 response so that it specifies a successfully found update, with a Trojan horse executable file (e.g., guardxup.exe) and the correct CRC32 checksum for that file.
CVSS 7.4
CVE-2017-12653 EXPLOITDB HIGH WRITEUP
360 Total Security < 9.0.0.1202 - Privilege Escalation via Shcore.dll Path Hijacking
360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.
CVSS 7.8
CVE-2017-7950 EXPLOITDB MEDIUM WORKING POC
Nitro Pro < 11.0.3 - Denial of Service via Crafted PCX File
Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted PCX file.
CVSS 5.5
CVE-2017-11657 EXPLOITDB HIGH WRITEUP
Dashlane - Untrusted Search Path Privilege Escalation via WINHTTP.dll
Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory.
CVSS 7.3
CVE-2018-6460 EXPLOITDB HIGH WORKING POC
Hotspot Shield - Unauthenticated Sensitive Information Exposure via JSONP Callback Parameter
Hotspot Shield runs a web server on the static IP address 127.0.0.1 and port 895. The web server uses JSONP and hosts sensitive information, including configuration. User-controlled input is not sufficiently filtered: an unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, which VPN they are connected to, and their real IP address.
CVSS 7.5
CVE-2004-0295 EXPLOITDB perl WORKING POC
Broker FTP Server 6.1.0.0 - Denial of Service via Idle Connection
TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a denial of service (CPU consumption) via an open idle connection.
CVE-2017-18019 EXPLOITDB HIGH WORKING POC
K7 Total Security < 15.1.0.305 - Arbitrary Memory Read via K7Sentry Device Input
In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the contents of arbitrary memory. Similarly, the product crashes upon a \\.\K7Sentry DeviceIoControl call with an invalid kernel pointer.
CVSS 7.1
CVE-2017-13068 EXPLOITDB HIGH WORKING POC
QNAP QTS Helpdesk < 1.1.12 - Unauthenticated SQL Injection
QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack.
CVSS 7.5
CVE-2017-15579 EXPLOITDB CRITICAL WRITEUP
php_melody < 2.7.3 - SQL Injection via aa_pages_per_page Cookie
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
CVSS 9.8
CVE-2018-5955 EXPLOITDB CRITICAL WORKING POC
GitStack <2.3.10 - Privilege Escalation
An issue was discovered in GitStack through 2.3.10. User-controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields of the rest/user/ URI.
CVSS 9.8
CVE-2017-15235 EXPLOITDB HIGH WRITEUP
Horde Groupware <5.2.21 - Auth Bypass
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
CVSS 7.5
EIP-2026-107614 EXPLOITDB text WRITEUP
Horde Groupware Webmail 3/4/5 - Multiple Remote Code Executions
CVE-2017-16935 EXPLOITDB CRITICAL WORKING POC
Ametys < 4.0.3 - Unauthenticated Access Control Bypass via Direct Request
Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the admin password by obtaining account details via a users/search.json request, and then modifying the account via an editUser request.
CVSS 9.8