Sense of Security Labs

10 exploits, active since May 2011
CVE-2011-0962 EXPLOITDB text WRITEUP
Cisco Unified Operations Manager < 8.6 - Cross-Site Scripting via Tag Parameter
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.
CVE-2011-0961 EXPLOITDB text WRITEUP
CiscoWorks Common Services < 3.3 - Cross-Site Scripting via Device Parameter
Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
CVE-2011-0960 EXPLOITDB text WRITEUP
Cisco Unified Operations Manager < 8.6 - SQL Injection via CCMs or ccm Parameter
Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.
CVE-2011-0959 EXPLOITDB text WRITEUP
Cisco Unified Operations Manager < 8.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
CVE-2011-0966 EXPLOITDB text WRITEUP
CiscoWorks Common Services < 3.3 - Unauthenticated Path Traversal via Audit Log File Parameter
Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.
CVE-2013-6618 EXPLOITDB text WRITEUP
Juniper Junos Authenticated RCE via J-Web PHP rsargs Parameter
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
CVE-2011-2260 EXPLOITDB text WRITEUP
Oracle Sun Products Suite 2.1.1 - Info Disclosure
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration.
EIP-2026-101875 EXPLOITDB text WORKING POC
Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery
EIP-2026-100366 EXPLOITDB text WORKING POC
Iciniti Store - SQL Injection
EIP-2026-100305 EXPLOITDB text WRITEUP
Elcom CommunityManager.NET - Authentication Bypass