Stefan Viehböck

11 exploits, active since Aug 2014
CVE-2014-7289 EXPLOITDB WORKING POC
Symantec SCSP <5.2.9, SDCS:SA <6.0 MP1 - SQL Injection
SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.
CVE-2014-9224 EXPLOITDB WORKING POC
Symantec SCSP/SDCS:SA <6.0 MP1 - XSS
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-9225 EXPLOITDB WRITEUP
Symantec SCSP/SDCS:SA <6.0 MP1 - Info Disclosure
The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.
CVE-2014-9181 EXPLOITDB WRITEUP
Plex Media Server <0.9.9.3 - Path Traversal
Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/, or remote authenticated users to read arbitrary files via a .. (dot dot) in the URI to resources/.
CVE-2014-3437 EXPLOITDB WRITEUP
Symantec Endpoint Protection Manager < 12.1.4 - XXE
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to read arbitrary files or send TCP requests to intranet servers via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-3438 EXPLOITDB WRITEUP
Symantec Endpoint Protection Manager < 12.1.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-9226 EXPLOITDB text WORKING POC
Symantec SCSP <5.2.9, SDCS:SA <6.0 MP1 - Auth Bypass
The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.
CVE-2014-9304 EXPLOITDB text WRITEUP
Plex Media Server <0.9.9.3 - SSRF
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server.
CVE-2014-5350 EXPLOITDB text WRITEUP
Bitdefender GravityZone < 5.1.5.386 - Path Traversal
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server.
CVE-2014-3439 EXPLOITDB text WORKING POC
Symantec Endpoint Protection Manager <12.1 - RCE
ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allows remote attackers to write to arbitrary files via unspecified vectors.
CVE-2018-13110 EXPLOITDB HIGH text WRITEUP
Adbglobal Dv2210 Firmware - Incorrect Permission Assignment
All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks.
CVSS 7.5