Sense of Security Labs

10 exploits. Active since May 2011.
CVE-2011-0962 EXPLOITDB text WRITEUP
Cisco Unified Operations Manager < 8.5 - XSS
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.
CVE-2011-0961 EXPLOITDB text WRITEUP
CiscoWorks Common Services < 3.3 - XSS
Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
CVE-2011-0960 EXPLOITDB text WRITEUP
Cisco Unified Operations Manager < 8.5 - SQL Injection
Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.
CVE-2011-0959 EXPLOITDB text WRITEUP
Cisco Unified Operations Manager < 8.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
CVE-2011-0966 EXPLOITDB text WRITEUP
CiscoWorks Common Services < 3.3 - Path Traversal
Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.
CVE-2013-6618 EXPLOITDB text WRITEUP
Juniper Junos < 10.4 - Improper Input Validation
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
CVE-2011-2260 EXPLOITDB text WRITEUP
Oracle Sun Products Suite 2.1.1 - Info Disclosure
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration.
EIP-2026-101875 EXPLOITDB text WORKING POC
Netgear Wireless Cable Modem Gateway - Authentication Bypass / Cross-Site Request Forgery
EIP-2026-100366 EXPLOITDB text WORKING POC
Iciniti Store - SQL Injection
EIP-2026-100305 EXPLOITDB text WRITEUP
Elcom CommunityManager.NET - Authentication Bypass