alt3kx

44 exploits Active since Apr 2001
CVE-2001-0680 NOMISEC WRITEUP
QPC Software Avt Term - Path Traversal
Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command.
CVE-2001-0758 NOMISEC WRITEUP
Evolvable Corporation Shambala Server - Path Traversal
Directory traversal vulnerability in Shambala 4.5 allows remote attackers to escape the FTP root directory via "CWD ..." command.
CVE-2001-0931 NOMISEC WRITEUP
Cooolsoft Powerftp - Path Traversal
Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 allows attackers to list or read arbitrary files and directories via a .. (dot dot) in (1) LS or (2) GET.
CVE-2001-0932 NOMISEC STUB
Cooolsoft Powerftp - Buffer Overflow
Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long command.
CVE-2001-0933 NOMISEC WRITEUP
Cooolsoft PowerFTP Server 2.03 - Info Disclosure
Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the contents of arbitrary drives via a ls (LIST) command that includes the drive letter as an argument, e.g. "ls C:".
CVE-2001-0934 NOMISEC WRITEUP
Cooolsoft PowerFTP Server 2.03 - Info Disclosure
Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the physical path of the server root via the pwd command, which lists the full pathname.
CVE-2001-1442 NOMISEC WORKING POC
ISC InterNetNews <2.3.0 - Privilege Escalation
Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.
CVE-2002-0200 NOMISEC WRITEUP
Cyberstop Web Server - Denial of Service
Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.
CVE-2002-0201 NOMISEC WORKING POC
Cyberstop Web Server - Buffer Overflow
Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow.
CVE-2002-0288 NOMISEC STUB
Bbshareware.com Phusion Webserver - Path Traversal
Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrary files via a ... (triple dot dot) in the HTTP request.
CVE-2002-0289 NOMISEC STUB
Bbshareware.com Phusion Webserver - Buffer Overflow
Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.
CVE-2002-0346 NOMISEC WRITEUP
SUN Cobalt Raq 2 - XSS
Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via JavaScript in a URL to (1) service.cgi or (2) alert.cgi.
CVE-2002-0347 NOMISEC WRITEUP
SUN Cobalt Raq 2 - Path Traversal
Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request.
CVE-2022-1388 METASPLOIT CRITICAL ruby WORKING POC
F5 BIG-IP iControl RCE via REST Authentication Bypass
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS 9.8
CVE-2019-10685 EXPLOITDB MEDIUM text WORKING POC
Heidelberg Prinect Archiver - XSS
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Heidelberg Prinect Archiver v2013 release 1.0.
CVSS 6.1
CVE-2018-7691 EXPLOITDB MEDIUM text WORKING POC
Micro Focus Fortify SSC <18.10 - RCE
A potential Remote Unauthorized Access vulnerability in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, and 18.10. Exploitation could allow Remote Unauthorized Access.
CVSS 6.5
CVE-2018-7690 EXPLOITDB MEDIUM text WORKING POC
Micro Focus Fortify SSC <18.10 - RCE
A potential Remote Unauthorized Access vulnerability in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20, and 18.10. Exploitation could allow Remote Unauthorized Access.
CVSS 6.5
CVE-2018-12463 EXPLOITDB CRITICAL text WORKING POC
Fortify SSC <18.1 - SSRF
An XML external entity (XXE) vulnerability in Fortify Software Security Center (SSC), versions 17.1, 17.2, and 18.1 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
CVSS 9.8
CVE-2018-12596 EXPLOITDB CRITICAL text WORKING POC
Episerver Ektron Cms - Improper Privilege Management
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins).
CVSS 9.8