W. Ettlinger

15 exploits, active since Dec 2014
CVE-2014-5216 EXPLOITDB WRITEUP
Micro Focus Access Manager - XSS
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allow remote attackers to inject arbitrary web script or HTML via (1) the location parameter in a dev.Empty action to nps/servlet/webacc, (2) the error parameter to nidp/jsp/x509err.jsp, (3) the lang parameter to sslvpn/applet_agent.jsp, or (4) the secureLoggingServersA parameter to roma/system/cntl, a different issue than CVE-2014-9412.
CVE-2018-7706 EXPLOITDB MEDIUM text WRITEUP
SecurEnvoy SecurMail <9.2.501 - Path Traversal
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. (dot dot) in the option2 parameter in an attachment action to secmail/getmessage.exe.
CVSS 6.5
CVE-2018-7705 EXPLOITDB HIGH text WRITEUP
SecurEnvoy SecurMail <9.2.501 - Path Traversal
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx.
CVSS 8.1
CVE-2018-7704 EXPLOITDB MEDIUM text WRITEUP
SecurEnvoy SecurMail <9.2.501 - Info Disclosure
SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe.
CVSS 6.5
CVE-2018-7703 EXPLOITDB MEDIUM text WRITEUP
SecurEnvoy SecurMail <9.2.501 - XSS
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe.
CVSS 6.1
CVE-2018-7702 EXPLOITDB CRITICAL text WRITEUP
SecurEnvoy SecurMail <9.2.501 - RCE
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.
CVSS 9.1
CVE-2018-7701 EXPLOITDB MEDIUM text WRITEUP
SecurEnvoy SecurMail <9.2.501 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe.
CVSS 6.5
CVE-2016-1611 EXPLOITDB HIGH text WRITEUP
Novell Filr <1.2-2.0 - Privilege Escalation
Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands.
CVSS 7.8
CVE-2016-1609 EXPLOITDB MEDIUM text WRITEUP
Novell Filr <1.2 SU3 & <2.0 SU2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.
CVSS 5.4
CVE-2016-1608 EXPLOITDB HIGH text WRITEUP
Novell Filr <2.0 - Authenticated RCE
vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ntpServer parameter.
CVSS 8.8
CVE-2016-1607 EXPLOITDB HIGH text WRITEUP
Novell Filr <2.0 SU2 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.
CVSS 7.2
CVE-2014-7208 EXPLOITDB text WRITEUP
GParted <0.15.0 - Command Injection
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.
CVE-2014-9412 EXPLOITDB text WRITEUP
NetIQ Access Manager 4.x - XSS
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216.
CVE-2016-1610 EXPLOITDB HIGH text WRITEUP
Novell Filr <1.2 SU3, 2.0 SU2 - Path Traversal
Directory traversal vulnerability in the email-template feature in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allows remote attackers to bypass intended access restrictions and write to arbitrary files via a .. (dot dot) in a blob name.
CVSS 7.5
CVE-2018-7707 EXPLOITDB MEDIUM text WRITEUP
SecurEnvoy SecurMail <9.2.501 - XSS
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message.
CVSS 6.1