catatonicprime

7 exploits Active since Oct 2012
CVE-2020-3580 NOMISEC MEDIUM SUSPICIOUS
Cisco Firepower Threat Defense <6.4.0.12 & ASA <9.8.4.34 - XSS
Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.
2 stars
CVSS 6.1
CVE-2023-27350 METASPLOIT CRITICAL ruby WORKING POC
PaperCut MF and NG 8.0-20.1.7 - Unauthenticated Remote Code Execution via SetupCompleted
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
CVSS 9.8
CVE-2015-0923 METASPLOIT ruby WORKING POC
Ektron Content Management System 8.5, 8.7 < 8.7sp2, 9.0 < sp1 - XML External Entity Injection via XSLT Parameter
The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.
CVE-2015-4624 METASPLOIT HIGH ruby WORKING POC
Hak5 WiFi Pineapple 2.0-2.3 - Predictable CSRF Token
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
CVSS 7.5
CVE-2015-4624 METASPLOIT HIGH ruby WORKING POC
Hak5 WiFi Pineapple 2.0-2.3 - Predictable CSRF Token
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
CVSS 7.5
CVE-2012-3819 EXPLOITDB ruby WORKING POC
Dart PowerTCP ActiveX - Denial of Service via Long Request
Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, as used in Dart PowerTCP WebServer for ActiveX and other products, allows remote attackers to cause a denial of service (daemon crash) via a long request.
CVE-2015-4624 EXPLOITDB HIGH ruby WORKING POC
Hak5 WiFi Pineapple 2.0-2.3 - Predictable CSRF Token
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
CVSS 7.5