9 matches found
Loadbalancer.org Enterprise VA MAX Cross Site Scripting
Title: Loadbalancer.org Enterprise VA MAX - Unauthenticated Stored XSS Author: Jakub Palaczynski Date: 24. July 2018 CVE: CVE-2018-18864 Affected product: ============= Loadbalancer.org Enterprise VA MAX before 8.3.3 Impact: ====== Remote Code Execution with root privileges. Vulnerability -...
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read Vulnerability (2)
Exploit for cgi platform in category web applications Title: Meinberg LANTIME Web Configuration Utility - Arbitrary File Upload Path Traversal Author: Jakub Palaczynski CVE: CVE-2017-16788 Exploit was tested on: ====================== Meinberg LANTIME Web Configuration Utility 6.16.008...
Meinberg LANTIME Web Configuration Utility 6.16.008 Arbitrary File Read
Title: Meinberg LANTIME Web Configuration Utility - Arbitrary File Read Author: Jakub Palaczynski CVE: CVE-2017-16787 Exploit tested on: ================== Meinberg LANTIME Web Configuration Utility 6.16.008 Vulnerability affects: ====================== All LTOS6 firmware releases before 6.24.004...
Meinberg LANTIME Web Configuration Utility 6.16.008 Authentication Bypass
Title: Meinberg LANTIME Web Configuration Utility - Failure to Restrict URL Access Author: Jakub Palaczynski CVE: CVE-2017-16787 Exploit tested on: ================== Meinberg LANTIME Web Configuration Utility 6.16.008 Vulnerability affects: ====================== All LTOS6 firmware releases befo...
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read Title: Meinberg LANTIME Web Configuration Utility - Arbitrary File Read Author: Jakub Palaczynski CVE: CVE-2017-16787 Exploit tested on: ================== Meinberg LANTIME Web Configuration Utility 6.16.008 Vulnerability...
Astaro Security Gateway 7 - Remote Code Execution
!/usr/bin/python Astaro Security Gateway v7 - Unauthenticated Remote Code Execution Exploit Authors: Jakub Palaczynski and Maciej Grabiec Tested on versions: 7.500 and 7.506 Date: 13.12.2016 Vendor Homepage: https://www.sophos.com/ CVE: CVE-2017-6315 import socket import sys import os import...
Apache James Server 2.3.2 security vulnerability fixed
Severity: Important Vendor: The Apache Software Foundation Versions Affected: James Server 2.3.2 Description: Apache James Server 2.3.2 has security issue that can let a user execute arbitrary system command for servers configured with file based user repositories. Mitigation: 2.3.2 users should...
HP WebInspect 10.4 - XML External Entity Injection
HP WebInspect 10.4 - XML External Entity Injection Exploit Title: HP WebInspect - XML External Entity Date: 23\04\2015 Exploit Author: Jakub Palaczynski Vendor Homepage: http://www.hp.com/ Version: 10.4, 10.3, 10.2, 10.1, 10.0, 9.x, 8.x, 7.x CVE : CVE-2015-2125 1. Create website that exploits...
HP WebInspect 10.4 - XML External Entity Injection
Exploit Title: HP WebInspect - XML External Entity Date: 23\04\2015 Exploit Author: Jakub Palaczynski Vendor Homepage: http://www.hp.com/ Version: 10.4, 10.3, 10.2, 10.1, 10.0, 9.x, 8.x, 7.x CVE : CVE-2015-2125 1. Create website that exploits vulnerability. 1.1. Website that steals files using OO...