justpentest

4 exploits Active since Oct 2013
CVE-2014-8380 EXPLOITDB text WORKING POC
Splunk - XSS
Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression.
CVE-2017-5631 EXPLOITDB MEDIUM text WORKING POC
KMC Information Systems Caseaware - XSS
An issue was discovered in KMCIS CaseAware. Reflected cross site scripting is present in the user parameter (i.e., "usr") that is transmitted in the login.php query string.
CVSS 6.1
CVE-2016-6816 EXPLOITDB HIGH text WORKING POC
Apache Tomcat < 9.0.0.M12 - Improper Input Validation
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.
CVSS 7.1
CVE-2013-5528 EXPLOITDB text WORKING POC
Cisco Unified Communications Manager - Path Traversal
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.