Trustwave's SpiderLabs

41 exploits Active since Jun 2009
CVE-2013-4867 EXPLOITDB MEDIUM text WRITEUP
Electronic Arts Karotz Smart Rabbit <12.07.19.00 - Code Injection
Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking
CVSS 6.3
CVE-2013-4864 EXPLOITDB CRITICAL text WORKING POC
MiCasaVerde VeraLite <1.5.408 - SSRF
MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue.
CVSS 9.8
CVE-2013-4863 EXPLOITDB HIGH text WORKING POC
MiCasaVerde VeraLite <1.5.408 - RCE
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.
CVSS 8.8
CVE-2013-4862 EXPLOITDB HIGH text WORKING POC
MiCasaVerde VeraLite <1.5.408 - Privilege Escalation
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.
CVSS 8.1
CVE-2013-4861 EXPLOITDB MEDIUM text WORKING POC
MiCasaVerde VeraLite <1.5.408 - Path Traversal
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter.
CVSS 6.5
CVE-2012-1260 EXPLOITDB MEDIUM text WRITEUP
Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204-9.0.1.19899 - Cross-Site Scripting via newUser Parameter
Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not be a vulnerability, since an administrator might already have the privileges to create arbitrary script.
CVSS 6.1
CVE-2012-1259 EXPLOITDB CRITICAL text WRITEUP
Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204-9.0.1.19899 - SQL Injection via Multiple CGI Parameters
Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter.
CVSS 9.8
CVE-2012-1258 EXPLOITDB MEDIUM text WRITEUP
Scrutinizer NetFlow & sFlow Analyzer < 9.0.1.19899 - Unauthenticated Privilege Escalation via User Preferences CGI
cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer before 9.0.1.19899 does not validate user permissions, which allow remote attackers to add user accounts with administrator privileges via the newuser, pwd, and selectedUserGroup parameters.
CVSS 6.5
CVE-2012-0782 EXPLOITDB text WORKING POC
WordPress < 3.3.1 - Cross-Site Scripting via Installation Setup Parameters
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance
CVE-2011-4899 EXPLOITDB text WORKING POC
WordPress < 3.3.1 - Static Code Injection and Cross-Site Scripting via Database Configuration
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments
CVE-2011-4898 EXPLOITDB text WORKING POC
WordPress < 3.3.1 - Unauthenticated Sensitive Information Exposure via Installation Error Messages
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether providing intentionally vague error messages during installation would be reasonable from a usability perspective
CVE-2011-0886 EXPLOITDB text WORKING POC
SMC SMCD3G-CCR Firmware < 1.4.0.49 - Cross-Site Request Forgery via Web Interface
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the SMC SMCD3G-CCR (aka Comcast Business Gateway) with firmware before 1.4.0.49.2 allow remote attackers to (1) hijack the intranet connectivity of arbitrary users for requests that perform a login via goform/login, or hijack the authentication of administrators for requests that (2) enable external logins via an mso_remote_enable action to goform/RemoteRange or (3) change DNS settings via a manual_dns_enable action to goform/Basic.
CVE-2011-0885 EXPLOITDB text WORKING POC
SMC SMCD3G-CCR < 1.4.0.49 - Unauthenticated Administrative Access via Default Credentials
A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR with firmware before 1.4.0.49.2 has a default password of D0nt4g3tme for the mso account, which makes it easier for remote attackers to obtain administrative access via the (1) web interface or (2) TELNET interface.
CVE-2014-1204 EXPLOITDB text WRITEUP
Tableau Server 8.0.x-8.0.6 and 8.1.x-8.1.1 - Authenticated SQL Injection
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled.
CVE-2013-4884 EXPLOITDB text WRITEUP
McAfee SuperScan 4.0 - Cross-Site Scripting via UTF-7 Encoded Server Response
Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report.
CVE-2013-7246 EXPLOITDB html WORKING POC
DaumGame ActiveX Control 1.1.0.4 and 1.1.0.5 - Buffer Overflow via IconCreate Method
Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014.
EIP-2026-118671 EXPLOITDB text WRITEUP
IBM Web Application Firewall - Bypass
CVE-2012-0937 EXPLOITDB text WORKING POC
WordPress < 3.3.1 - Denial of Service via MySQL Query Proxy in Setup-Config
wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time
CVE-2015-1503 EXPLOITDB HIGH text WORKING POC
IceWarp Mail Server <11.2 - Path Traversal
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter to webmail/old/calendar/minimizer/index.php.
CVSS 7.5
CVE-2010-3490 EXPLOITDB text WORKING POC
FreePBX < 2.8.0 - Authenticated Path Traversal and Arbitrary File Write via System Recordings Component
Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.
CVE-2012-5193 EXPLOITDB MEDIUM text WRITEUP
bitweaver < 2.8.1 - Cross-Site Scripting via Path Info or Parameter Injection
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) stats/index.php or (2) newsletters/edition.php or the (3) username parameter to users/remind_password.php, (4) days parameter to stats/index.php, (5) login parameter to users/register.php, or (6) highlight parameter.
CVSS 6.1
CVE-2013-5689 EXPLOITDB text WRITEUP
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5688. Reason: This issue has been MERGED with CVE-2013-5688 in accordance with CVE content decisions, because it is the same type of vulnerability affecting the same versions. Notes: All CVE users should reference CVE-2013-5688 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2012-1261 EXPLOITDB MEDIUM text WRITEUP
Scrutinizer NetFlow & sFlow Analyzer < 8.6.2.16204 - Cross-Site Scripting via Standalone Parameter
Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusions.cgi in Plixer International Scrutinizer NetFlow and sFlow Analyzer 8.6.2.16204 and other versions before 9.0.1.19899 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter.
CVSS 6.1
CVE-2017-1000028 EXPLOITDB HIGH text WORKING POC
Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal
Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
CVSS 7.5
CVE-2014-0050 EXPLOITDB ruby WORKING POC
Apache Commons FileUpload <1.3.1 - DoS
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.