juan vazquez

644 exploits Active since Sep 2005
CVE-2011-2595 EXPLOITDB ruby WORKING POC
Acdsee Fotoslate - Memory Corruption
Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build 146 allow remote attackers to execute arbitrary code via a long id parameter in a (1) String or (2) Int tag in a FotoSlate Project (aka PLP) file.
CVE-2013-2730 EXPLOITDB ruby WORKING POC
Adobe Reader/Acrobat <9.5.5, <10.1.7, <11.0.03 - Buffer Overflow
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2733.
CVE-2011-2462 EXPLOITDB CRITICAL ruby WORKING POC
Adobe Acrobat < 10.1.1 - Out-of-Bounds Write
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
CVSS 9.8
CVE-2013-4835 EXPLOITDB ruby WORKING POC
HP SiteScope <11.22 - Auth Bypass
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.
CVE-2012-6330 EXPLOITDB ruby WORKING POC
Foswiki MAKETEXT Remote Command Execution
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
EIP-2026-114782 EXPLOITDB ruby WORKING POC
D-Link Devices - UPnP SOAP TelnetD Command Execution (Metasploit)
CVE-2014-3828 EXPLOITDB ruby WORKING POC
Merethis Centreon - SQL Injection
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/.
CVE-2012-2982 EXPLOITDB ruby WORKING POC
Webmin <1.590 - Command Injection
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
CVE-2012-6329 EXPLOITDB ruby WORKING POC
TWiki MAKETEXT Remote Command Execution
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
EIP-2026-114799 EXPLOITDB ruby WORKING POC
PineApp Mail-SeCure - 'livelog.html' Arbitrary Command Execution (Metasploit)
CVE-2012-3996 EXPLOITDB ruby WORKING POC
Tikiwiki Cms/groupware < 8.2 - Information Disclosure
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
CVE-2012-0694 EXPLOITDB CRITICAL ruby WORKING POC
SugarCRM CE <= 6.3.1 - Code Injection
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
CVSS 9.8
CVE-2012-0299 EXPLOITDB ruby WORKING POC
Symantec Web Gateway <5.0.3 - RCE
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.
CVE-2012-0297 EXPLOITDB ruby WORKING POC
Symantec Web Gateway <5.0.3 - RCE
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
CVE-2011-3833 EXPLOITDB ruby WORKING POC
Support Incident Tracker Remote Command Execution
Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory.
CVE-2008-6132 EXPLOITDB ruby WORKING POC
phpScheduleIt <1.2.10 - Code Injection
Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.
CVE-2011-4542 EXPLOITDB ruby WORKING POC
Hastymail2 - SQL Injection
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.
CVE-2011-5130 EXPLOITDB ruby WORKING POC
Haudenschilt Family Connections Cms - Code Injection
dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.
CVE-2012-5692 EXPLOITDB ruby WORKING POC
Invision Power Board <3.3.x - Unknown Vuln
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
CVE-2013-2010 EXPLOITDB CRITICAL ruby WORKING POC
Automattic WP Super Cache < 1.2 - Injection
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
CVSS 9.8
CVE-2013-3214 EXPLOITDB CRITICAL ruby WORKING POC
vtiger CRM <5.4.0 - Code Injection
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
CVSS 9.8
CVE-2013-3522 EXPLOITDB ruby WORKING POC
Vbulletin - SQL Injection
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter.
CVE-2013-7387 EXPLOITDB ruby WORKING POC
DataLife Engine <9.7 - Info Disclosure
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.
EIP-2026-104764 EXPLOITDB ruby WORKING POC
PineApp Mail-SeCure - 'test_li_connection.php' Arbitrary Command Execution (Metasploit)
EIP-2026-104763 EXPLOITDB ruby WORKING POC
PineApp Mail-SeCure - 'ldapsyncnow.php' Arbitrary Command Execution (Metasploit)