Takeshi Terada

7 exploits Active since Jul 2013
CVE-2013-2251 METASPLOIT CRITICAL ruby WORKING POC
Apache Archiva < 1.3.8 - Injection
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
CVSS 9.8
EIP-2026-105687 EXPLOITDB text WORKING POC
CakePHP 2.2.8/2.3.7 - AssetDispatcher Class Local File Inclusion
CVE-2013-1727 EXPLOITDB java WORKING POC
Mozilla Firefox < 23.0.1 - XSS
Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file.
CVE-2013-2251 EXPLOITDB CRITICAL text WRITEUP
Apache Archiva < 1.3.8 - Injection
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
CVSS 9.8
CVE-2013-2251 EXPLOITDB CRITICAL ruby WORKING POC
Apache Archiva < 1.3.8 - Injection
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
CVSS 9.8
CVE-2013-2248 EXPLOITDB text WRITEUP
Apache Struts < 2.3.15.1 - Improper Input Validation
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
EIP-2026-100065 EXPLOITDB text WORKING POC
Facebook for Android - 'LoginActivity' Information Disclosure