0xd0ff9

6 exploits Active since Sep 2018
CVE-2021-36394 NOMISEC CRITICAL WORKING POC
Moodle - RCE
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
12 stars
CVSS 9.8
CVE-2018-16763 NOMISEC CRITICAL WORKING POC
FUEL CMS 1.4.1 - RCE
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
4 stars
CVSS 9.8
CVE-2018-16763 NOMISEC CRITICAL WORKING POC
FUEL CMS 1.4.1 - RCE
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
2 stars
CVSS 9.8
CVE-2018-16763 NOMISEC CRITICAL WORKING POC
FUEL CMS 1.4.1 - RCE
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
CVSS 9.8
CVE-2020-37052 EXPLOITDB CRITICAL python WORKING POC
AirControl 1.4.2 - RCE
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injection. Attackers can exploit the /.seam endpoint by crafting a specially constructed URL with embedded Java expressions to run commands with the application's system privileges.
CVSS 9.8
CVE-2018-16763 EXPLOITDB CRITICAL python WORKING POC
FUEL CMS 1.4.1 - RCE
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
CVSS 9.8