rsp3ar

7 exploits, active since Nov 2018
CVE-2018-25312 EXPLOITDB MEDIUM python WORKING POC
LifeSize ClearSea 3.1.4 Directory Traversal Remote Code Execution
LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. Attackers can exploit the upload endpoint with directory traversal sequences to write files to arbitrary locations on the system, enabling remote code execution.
CVSS 6.5
CVE-2018-19646 EXPLOITDB CRITICAL python WORKING POC
Imperva SecureSphere <13.2.10 - Command Injection
The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled.
CVSS 9.8
CVE-2018-5403 EXPLOITDB HIGH python WORKING POC
Imperva SecureSphere <v13 - RCE
An Imperva SecureSphere gateway (GW) running v13, in both the pre-First Time Login and post-First Time Login (FTL) states, may be vulnerable to RCE through specially crafted requests from the web access management interface if the attacker knows the basic authentication passwords.
CVSS 8.1
CVE-2018-16660 EXPLOITDB HIGH python WORKING POC
Imperva SecureSphere <13.1.0.10 - Command Injection
A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation.
CVSS 8.8
CVE-2018-16660 METASPLOIT HIGH ruby WORKING POC
Imperva SecureSphere <13.1.0.10 - Command Injection
A command injection vulnerability in PWS in Imperva SecureSphere 13.0.0.10 and 13.1.0.10 Gateway allows an attacker with authenticated access to execute arbitrary OS commands on a vulnerable installation.
CVSS 8.8
EIP-2026-103145 EXPLOITDB ruby WORKING POC
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
EIP-2026-103146 EXPLOITDB ruby WORKING POC
Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)