hantwister

8 exploits Active since Sep 2012
CVE-2012-3137 NOMISEC WORKING POC
Oracle Database Server - Info Disclosure
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
3 stars
CVE-2016-4004 EXPLOITDB MEDIUM text WORKING POC
Dell OMSA 8.2 - Path Traversal
Directory traversal vulnerability in Dell OpenManage Server Administrator (OMSA) 8.2 allows remote authenticated administrators to read arbitrary files via a ..\ (dot dot backslash) in the file parameter to ViewFile.
CVSS 4.9
EIP-2026-119673 EXPLOITDB ruby WORKING POC
Dell OpenManage Server Administrator 8.3 - XML External Entity
EIP-2026-103326 EXPLOITDB text WORKING POC
Teradici Management Console 2.2.0 - Privilege Escalation
EIP-2026-102430 EXPLOITDB text WORKING POC
Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape
CVE-2019-15039 EXPLOITDB CRITICAL text WORKING POC
Jetbrains Teamcity - Path Traversal
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
CVSS 9.8
CVE-2019-15999 EXPLOITDB MEDIUM text WORKING POC
Cisco DCNM - Privilege Escalation
A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts.
CVSS 6.3
CVE-2017-3623 EXPLOITDB CRITICAL python WORKING POC
Solaris - RCE
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel RPC). For supported versions that are affected see note. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. While the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Solaris. Note: CVE-2017-3623 is assigned for "Ebbisland". Solaris 10 systems which have had any Kernel patch installed after, or updated via patching tools since 2012-01-26 are not impacted. Also, any Solaris 10 system installed with Solaris 10 1/13 (Solaris 10 Update 11) are not vulnerable. Solaris 11 is not impacted by this issue. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
CVSS 10.0