Ben Schmidt

14 exploits | Active since Sep 2008
EIP-2026-119316 EXPLOITDB ruby WORKING POC
Xerver 4.32 - Source Disclosure / HTTP Authentication Bypass (Metasploit)
EIP-2026-114295 EXPLOITDB text WORKING POC
WordPress Plugin Zingiri Web Shop 2.2.0 - Remote File Inclusion
EIP-2026-114112 EXPLOITDB text WORKING POC
WordPress Plugin TheCartPress 1.1.1 - Remote File Inclusion
EIP-2026-114274 EXPLOITDB text WORKING POC
WordPress Plugin WPEasyStats 1.8 - Remote File Inclusion
EIP-2026-113683 EXPLOITDB text WORKING POC
WordPress Plugin Disclosure Policy 1.0 - Remote File Inclusion
EIP-2026-113872 EXPLOITDB text WORKING POC
WordPress Plugin Livesig 0.4 - Remote File Inclusion
EIP-2026-113896 EXPLOITDB text WORKING POC
WordPress Plugin Mini Mail Dashboard Widget 1.36 - Remote File Inclusion
CVE-2012-1205 EXPLOITDB text WORKING POC
Alanft Relocate-upload < 0.14 - Code Injection
PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
EIP-2026-113880 EXPLOITDB text WORKING POC
WordPress Plugin Mailing List 1.3.2 - Remote File Inclusion
EIP-2026-113513 EXPLOITDB ruby WORKING POC
WordPress Plugin 1 Flash Gallery 1.30 < 1.5.7a - Arbitrary File Upload (Metasploit)
CVE-2011-3981 EXPLOITDB text WORKING POC
Allwebmenus 1.1.3 - RCE
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
EIP-2026-113563 EXPLOITDB text WORKING POC
WordPress Plugin Annonces 1.2.0.0 - Remote File Inclusion
CVE-2011-4106 EXPLOITDB text WORKING POC
TimThumb < 2.0 - RCE
TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011.
CVE-2008-4101 EXPLOITDB text WORKING POC
Vim < 7.2 - Improper Input Validation
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.