nnposter

16 exploits Active since Jun 2007
CVE-2007-3201 EXPLOITDB text WRITEUP
Windows Privacy Tray 1.2.0 - User-Assisted RCE
Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 allows user-assisted remote attackers to install a key listed under the wrong user ID, and possibly cause the user to encrypt a victim's correspondence with this attacker-supplied key, via a key ID composed of the attacker's user ID, space characters, an invalid WinPT message, additional space characters, and the victim's user ID.
CVE-2008-0539 EXPLOITDB text WORKING POC
F5 BIG-IP Application Security Manager 9.4.3 - Cross-Site Scripting via Report Type Parameter
Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter.
CVE-2008-1300 EXPLOITDB text WORKING POC
Alkacon OpenCms 7.0.3-7.0.4 - Cross-Site Scripting via Logfile Viewer Settings filePath Parameter
Cross-site scripting (XSS) vulnerability in the Logfile Viewer Settings function in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the filePath.0 parameter in a save action, a different vector than CVE-2008-1045.
CVE-2008-1301 EXPLOITDB text WORKING POC
Alkacon OpenCms <7.0.4 - Path Traversal
Absolute path traversal vulnerability in system/workplace/admin/workplace/logfileview/logfileViewSettings.jsp in Alkacon OpenCms 7.0.3 and 7.0.4 allows remote authenticated administrators to read arbitrary files via a full pathname in the filePath.0 parameter.
CVE-2008-3494 EXPLOITDB text WORKING POC
8e6 R3000 Internet Filter 2.0.12.10 - Open Redirect
8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass intended restrictions via an extra HTTP Host header with additional leading text placed before the real Host header.
CVE-2008-1510 EXPLOITDB text WORKING POC
Alkacon OpenCMS 7.0.3 - Cross-Site Scripting via User List Search Parameters
Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter.
CVE-2008-1045 EXPLOITDB text WORKING POC
Alkacon OpenCMS 7.0.3 - Cross-Site Scripting via File Tree Navigation Resource Parameter
Cross-site scripting (XSS) vulnerability in the file tree navigation function in system/workplace/views/explorer/tree_files.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the resource parameter.
CVE-2008-2637 EXPLOITDB text WORKING POC
F5 FirePass SSL VPN 6.0.2 hotfix 3 - Cross-Site Scripting via css_exceptions or sql_matchscope Parameter
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.
CVE-2008-1037 EXPLOITDB text WRITEUP
Packeteer PacketShaper and PolicyCenter 8.2.2 - Cross-Site Scripting via FILELIST Parameter
Cross-site scripting (XSS) vulnerability in the file listing function in the web management interface in Packeteer PacketShaper and PolicyCenter 8.2.2 allows remote attackers to inject arbitrary web script or HTML via the FILELIST parameter to an arbitrary component, which triggers injection into an Error Report page.
CVE-2007-3151 EXPLOITDB text WRITEUP
PacketShaper 7.3.0g2 and 7.5.0g1 - Denial of Service via Empty OP.MEAS.DATAQUERY and MEAS.TYPE Parameters
rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters.
CVE-2008-0372 EXPLOITDB text WRITEUP
8e6 R3000 Internet Filter < 2.0.11 - Request Smuggling via Fragmented HTTP Request
8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request.
CVE-2008-0265 EXPLOITDB text WORKING POC
F5 TMOS - Cross-Site Scripting via SearchString Parameter in Web Management Interface
Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories.
EIP-2026-101269 EXPLOITDB text WORKING POC
F5 BIG-IP 9.4.3 - Web Management Interface Console HTML Injection
CVE-2008-7032 EXPLOITDB text WORKING POC
F5 BIG-IP 9.4.3 - Cross-Site Request Forgery via Web Management Console
Web Management Console Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrators and execute shell commands, as demonstrated using tmui/Control/form.
CVE-2008-2637 EXPLOITDB text WORKING POC
F5 FirePass SSL VPN 6.0.2 hotfix 3 - Cross-Site Scripting via css_exceptions or sql_matchscope Parameter
Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL VPN 6.0.2 hotfix 3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via quotes in (1) the css_exceptions parameter in vdesk/admincon/webyfiers.php and (2) the sql_matchscope parameter in vdesk/admincon/index.php.
CVE-2007-6037 EXPLOITDB text WORKING POC
Citrix NetScaler 8.0 build 47.8 - Cross-Site Scripting via Standalone Parameter
Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters.