juan vazquez

645 exploits Active since Sep 2005
CVE-2015-8103 EXPLOITDB CRITICAL ruby WORKING POC
Jenkins CLI RMI Java Deserialization Vulnerability
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
CVSS 9.8
CVE-2015-2342 EXPLOITDB ruby WORKING POC
VMware vCenter Server 5.0-5.5 and 6.0 - Remote Code Execution via JMX RMI MBean Registration
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
CVE-2013-0422 EXPLOITDB CRITICAL ruby WORKING POC
Oracle JDK 7 - Remote Code Execution via JMX MBean Instantiator and Reflection API
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
CVSS 9.8
CVE-2012-1723 EXPLOITDB CRITICAL ruby WORKING POC
Java Applet Field Bytecode Verifier Cache Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CVSS 9.8
CVE-2012-5076 EXPLOITDB CRITICAL ruby WORKING POC
Java Applet AverageRangeStatisticImpl Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
CVSS 9.8
CVE-2012-4681 EXPLOITDB CRITICAL ruby WORKING POC
Java 7 Applet Remote Code Execution
Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.
CVSS 9.8
CVE-2013-6221 EXPLOITDB ruby WORKING POC
HP Service Virtualization 3.x < 3.50.1 - Path Traversal and Arbitrary File Write via CommunicationServlet
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.
CVE-2011-0807 EXPLOITDB ruby WORKING POC
Oracle Sun GlassFish Enterprise Server <3.0.1 - Info Disclosure
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration.
CVE-2014-8516 EXPLOITDB CRITICAL ruby WORKING POC
Visual Mining NetCharts Server - Unrestricted File Upload and Remote Code Execution
Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
CVSS 9.8
EIP-2026-102349 EXPLOITDB ruby WORKING POC
SolarWinds Storage Manager - Authentication Bypass (Metasploit)
EIP-2026-102347 EXPLOITDB ruby WORKING POC
Oracle Business Transaction Management FlashTunnelService - Remote Code Execution (Metasploit)
CVE-2011-2653 EXPLOITDB ruby WORKING POC
Novell ZENworks Asset Management 7.5 - Remote Code Execution via rtrlet Directory Traversal
Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.
CVE-2014-8741 EXPLOITDB CRITICAL ruby WORKING POC
Lexmark MarkVision Enterprise <2.1 - Path Traversal
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.
CVSS 9.8
EIP-2026-101347 EXPLOITDB ruby WORKING POC
Linksys E1500/E2500 - 'apply.cgi' Remote Command Injection (Metasploit)
CVE-2013-2751 EXPLOITDB ruby WORKING POC
NETGEAR ReadyNAS <4.1.12 & <4.2.24 - Code Injection
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."
CVE-2013-3568 EXPLOITDB HIGH ruby WORKING POC
Cisco Linksys WRT110 Firmware - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
CVSS 8.8
CVE-2013-3623 EXPLOITDB ruby WORKING POC
Supermicro Onboard IPMI CGI Vulnerability Scanner
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter.
EIP-2026-101231 EXPLOITDB ruby WORKING POC
D-Link DIR-645 / DIR-815 - 'diagnostic.php' Command Execution (Metasploit)
EIP-2026-101351 EXPLOITDB ruby WORKING POC
Linksys WRT54GL - 'apply.cgi' Command Execution (Metasploit)
CVE-2014-7140 EXPLOITDB ruby WORKING POC
Citrix NetScaler <10.1-129.11, <10.5-50.10 - RCE
Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors.