s4squatch

22 exploits Active since Aug 2007
CVE-2010-0641 EXPLOITDB text WORKING POC
Cisco Collaboration Server 5 - Cross-Site Scripting via LoginPage.jhtml Dest Parameter
Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest parameter.
CVE-2016-10709 METASPLOIT HIGH ruby WORKING POC
pfSense < 2.2.6 - Authenticated OS Command Injection via Graph Parameter
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
CVSS 8.8
EIP-2026-118739 EXPLOITDB html WORKING POC
MagnetoSoft ICMP 4.0.0.18 - ActiveX AddDestinationEntry Buffer Overflow
EIP-2026-118738 EXPLOITDB html WORKING POC
Magneto Net Resource ActiveX 4.0.0.5 - 'NetShareEnum' Universal
EIP-2026-118737 EXPLOITDB html WORKING POC
Magneto Net Resource ActiveX 4.0.0.5 - 'NetFileClose' Universal
EIP-2026-118740 EXPLOITDB html WORKING POC
MagnetoSoft SNTP 4.0.0.7 - ActiveX SntpGetReply Buffer Overflow
EIP-2026-118736 EXPLOITDB html WORKING POC
Magneto Net Resource ActiveX 4.0.0.5 - 'NetConnectionEnum' Universal
EIP-2026-115577 EXPLOITDB html WORKING POC
MagnetoSoft NetworkResources 4.0.0.5 - ActiveX NetSessionDel (PoC)
EIP-2026-115574 EXPLOITDB html WORKING POC
MagnetoSoft DNS 4.0.0.9 - ActiveX DNSLookupHostWithServer (PoC)
EIP-2026-115575 EXPLOITDB html WORKING POC
MagnetoSoft NetworkResources - ActiveX NetConnectionEnum Overwrite (SEH) (PoC)
EIP-2026-115576 EXPLOITDB html WORKING POC
MagnetoSoft NetworkResources 4.0.0.5 - ActiveX NetFileClose Overwrite (SEH) (PoC)
EIP-2026-115578 EXPLOITDB html WORKING POC
MagnetoSoft NetworkResources 4.0.0.5 - ActiveX NetShareEnum Overwrite (SEH) (PoC)
EIP-2026-115579 EXPLOITDB html WORKING POC
MagnetoSoft SNTP 4.0.0.7 - ActiveX SntpSendRequest Crash (PoC)
EIP-2026-115661 EXPLOITDB text WORKING POC
Microsoft HTML Help Compiler (hhc.exe) - Buffer Overflow (PoC)
EIP-2026-114798 EXPLOITDB ruby WORKING POC
pfSense - (Authenticated) Group Member Remote Command Execution (Metasploit)
EIP-2026-112843 EXPLOITDB text WRITEUP
UBBCentral UBB.Threads 5.5.1 - 'message' SQL Injection
EIP-2026-110561 EXPLOITDB text WORKING POC
pfSense 2.3.1_1 - Command Execution
CVE-2008-1470 EXPLOITDB text WORKING POC
RSA WebID - Cross-Site Scripting via IISWebAgentIF.dll postdata Parameter
Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.
CVE-2009-4086 EXPLOITDB text WORKING POC
Xerver HTTP Server <4.33 - CRLF Injection
CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via certain byte sequences at the end of a URL. NOTE: some of these details are obtained from third party information.
EIP-2026-104507 EXPLOITDB text WORKING POC
X-Cart Pro 4.0.13 - SQL Injection
CVE-2010-0642 EXPLOITDB text WORKING POC
Cisco Collaboration Server 5 - Unauthenticated Sensitive Information Exposure via URL-Encoded Filename Extension Bypass
Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4) appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml, (b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml, (d) webline/html/forms/callbackICM.jhtml, (e) webline/html/agent/AgentFrame.jhtml, (f) webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml, (h) webline/html/multichatui/nowDefunctWindow.jhtml, (i) browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k) msccallme/mscCallForm.jhtml, and (l) webline/html/admin/wcs/LoginPage.jhtml components.
CVE-2007-4368 EXPLOITDB text WORKING POC
IBM Rational ClearQuest <7.0.0.2 - SQL Injection
SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.