Tiago Ferreira

6 exploits Active since Feb 2007
CVE-2007-0977 METASPLOIT ruby WORKING POC
IBM Lotus Domino R5-R6 WebMail - Info Disclosure
IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428.
CVE-2009-2335 METASPLOIT ruby WORKING POC
WordPress < 2.8.1 - Username Enumeration via Failed Login Behavior
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."
CVE-2010-2263 METASPLOIT ruby WORKING POC
nginx 0.7.52-0.7.65 and 0.8-0.8.39 on Windows - Unauthenticated Arbitrary File Read via ::$DATA URI Suffix
nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
CVE-2010-20109 METASPLOIT HIGH ruby WORKING POC
Barracuda <October 2010 - Path Traversal
Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal sequences and null-byte terminators to access arbitrary files on the underlying system. By exploiting this flaw, unauthenticated remote attackers can retrieve sensitive configuration files such as /mail/snapshot/config.snapshot, potentially exposing credentials, internal settings, and other critical data.
EIP-2026-119316 EXPLOITDB ruby WORKING POC
Xerver 4.32 - Source Disclosure / HTTP Authentication Bypass (Metasploit)
CVE-2009-2335 EXPLOITDB ruby WORKING POC
WordPress < 2.8.1 - Username Enumeration via Failed Login Behavior
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."