loneferret of Offensive Security

16 exploits Active since Aug 2012
CVE-2012-2575 EXPLOITDB python WORKING POC
NetWin SurgeMail 6.0a4 - XSS
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.
CVE-2012-2587 EXPLOITDB python WORKING POC
AfterLogic MailSuite Pro 6.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of (1) an IFRAME element or (2) a SCRIPT element.
CVE-2012-2578 EXPLOITDB python WORKING POC
SmarterMail 9.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document.
CVE-2012-2582 EXPLOITDB python WORKING POC
OTRS Help Desk <2.4.13, OTRS ITSM <3.0.15 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
CVE-2012-2585 EXPLOITDB python WORKING POC
ManageEngine ServiceDesk Plus 8.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, or (4) a crafted SRC attribute of an IFRAME element, or an e-mail message subject with (5) a SCRIPT element, (6) a CSS expression property in the STYLE attribute of an arbitrary element, (7) a crafted SRC attribute of an IFRAME element, (8) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (9) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
CVE-2012-2586 EXPLOITDB python WORKING POC
Mailtraq 2.17.3.3150 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with (1) a JavaScript alert function used in conjunction with the fromCharCode method or (2) a SCRIPT element; an e-mail message body with (3) a crafted SRC attribute of an IFRAME element, (4) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (5) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an IMG element; or an e-mail message Date header with (6) a JavaScript alert function used in conjunction with the fromCharCode method, (7) a SCRIPT element, (8) a CSS expression property in the STYLE attribute of an arbitrary element, (9) a crafted SRC attribute of an IFRAME element, or (10) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
EIP-2026-119355 EXPLOITDB text WORKING POC
Cyclope Employee Surveillance Solution 6.0 6.1.0 6.2.0 - Multiple Vulnerabilities
EIP-2026-118511 EXPLOITDB python WORKING POC
eM Client e-mail client 5.0.18025.0 - Persistent Cross-Site Scripting
EIP-2026-118434 EXPLOITDB python WORKING POC
dreamMail e-mail client 4.6.9.2 - Persistent Cross-Site Scripting
EIP-2026-116325 EXPLOITDB python WORKING POC
Spytech NetVizor 6.1 - 'services.exe' Denial of Service
CVE-2012-2583 EXPLOITDB python WORKING POC
Mini Mail Dashboard Widget <1.42 - XSS
Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email.
EIP-2026-113299 EXPLOITDB text WORKING POC
weBid 1.0.5 - Directory Traversal
EIP-2026-113218 EXPLOITDB text WRITEUP
Web Help Desk by SolarWinds - Persistent Cross-Site Scripting
CVE-2012-2573 EXPLOITDB python WORKING POC
T-dah WebMail 3.2.0-2.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) an ONLOAD attribute of a BODY element, (5) a crafted SRC attribute of an IFRAME element, (6) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (7) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
EIP-2026-105935 EXPLOITDB text WORKING POC
Clipbucket 2.5 - Directory Traversal
EIP-2026-105933 EXPLOITDB text WORKING POC
Clipbucket 2.5 - Blind SQL Injection