SecuriTeam

57 exploits Active since Nov 2000
CVE-2017-1092 EXPLOITDB CRITICAL ruby WORKING POC
IBM Informix Open Admin Tool <12.1 - RCE
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
CVSS 9.8
CVE-2017-10355 EXPLOITDB MEDIUM WORKING POC
Oracle JDK 6u161, 7u151, 8u144, 9 and Java SE Embedded 8u144 - Unauthenticated Partial Denial of Service via Networking
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVSS 5.3
CVE-2017-17672 EXPLOITDB CRITICAL WORKING POC
vBulletin < 5.3.3 - Unauthenticated Deserialization via Template Cache API
In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemplates() function, which is a publicly exposed API. This is exploited with the templateidlist parameter to ajax/api/template/cacheTemplates.
CVSS 9.8
EIP-2026-104299 EXPLOITDB text WORKING POC
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution
CVE-2016-3542 EXPLOITDB MEDIUM text WORKING POC
Oracle E- Business Suite <12.2.5 - Info Disclosure
Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality and integrity via unknown vectors.
CVSS 6.5
EIP-2026-104474 EXPLOITDB WRITEUP
vBulletin 5.x - 'routestring' Remote Code Execution
CVE-2003-1522 EXPLOITDB text WORKING POC
PSCS VPOP3 Web Mail Server 2.0e-2.0f - Cross-Site Scripting via Redirect Parameter
Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server 2.0e and 2.0f allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to the admin/index.html page.
CVE-2018-15379 EXPLOITDB CRITICAL ruby WORKING POC
Cisco Prime Infrastructure - Path Traversal
A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted directory permissions could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level of the user prime. This user does not have administrative or root privileges. The vulnerability is due to an incorrect permission setting for important system directories. An attacker could exploit this vulnerability by uploading a malicious file by using TFTP, which can be accessed via the web-interface GUI. A successful exploit could allow the attacker to run commands on the targeted application without authentication.
CVSS 9.8
CVE-2018-2698 EXPLOITDB HIGH WRITEUP
Oracle VM VirtualBox <5.1.32-5.2.6 - RCE
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVSS 8.8
CVE-2017-16353 EXPLOITDB MEDIUM python WORKING POC
GraphicsMagick 1.3.26 - Info Disclosure
GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked.
CVSS 6.5
CVE-2017-12243 EXPLOITDB HIGH WORKING POC
Cisco UCS Manager - Privilege Escalation
A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078.
CVSS 7.8
CVE-2017-5815 EXPLOITDB CRITICAL WORKING POC
HPE Intelligent Management Center PLAT 7.3 E0504P04 - Remote Code Execution
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
CVSS 9.8
CVE-2017-15647 EXPLOITDB HIGH WORKING POC
FiberHome Routers - Local File Inclusion
On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value.
CVSS 7.5
CVE-2017-16934 EXPLOITDB CRITICAL WORKING POC
dbltek web_server - Authenticated OS Command Injection via change_password.csp passwd Parameter
The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "<%%25call system.exec:" string in the passwd parameter.
CVSS 9.8
CVE-2017-18001 EXPLOITDB CRITICAL WORKING POC
Trustwave Secure Web Gateway <= 11.8.0.27 - Unauthenticated SSH Key Injection via /sendKey PublicKey Parameter
Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.
CVSS 9.8
CVE-2017-10803 EXPLOITDB MEDIUM WORKING POC
Odoo 8.0, 9.0, 10.0 - Authenticated Remote Code Execution via Database Anonymization Unpickle
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used.
CVSS 6.5
CVE-2017-16939 EXPLOITDB HIGH WORKING POC
Linux kernel <4.13.11 - Privilege Escalation/DoS
The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.
CVSS 7.8
EIP-2026-102643 EXPLOITDB c WORKING POC
Linux Kernel - 'AF_PACKET' Use-After-Free (1)
EIP-2026-102663 EXPLOITDB c WORKING POC
Linux Kernel < 4.17-rc1 - 'AF_LLC' Double Free
CVE-2017-15649 EXPLOITDB HIGH WORKING POC
Linux Kernel < 4.13.6 - Use-After-Free via Packet Fanout Race Condition
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.
CVSS 7.8
CVE-2017-1000353 EXPLOITDB CRITICAL text WORKING POC
Jenkins < 2.56 and < 2.46.1 - Unauthenticated Remote Code Execution via Java Deserialization
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.
CVSS 9.8
EIP-2026-101658 EXPLOITDB WORKING POC
Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Remote Code Execution
CVE-2017-15236 EXPLOITDB HIGH WORKING POC
Tiandy IP Camera Firmware 5.56.17.120 - Unauthenticated Sensitive Information Exposure via TCP Port 3001
Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt.
CVSS 7.5
CVE-2017-12854 EXPLOITDB WORKING POC
Sophos XG Firewall 16.05.4 MR-4 - Path Traversal
CVE-2017-3898 EXPLOITDB MEDIUM WORKING POC
McAfee LiveSafe <16.0.3 - Privilege Escalation
A man-in-the-middle attack vulnerability in the non-certificate-based authentication mechanism in McAfee LiveSafe (MLS) versions prior to 16.0.3 allows network attackers to modify the Windows registry value associated with the McAfee update via the HTTP backend-response.
CVSS 5.9