Ben Schmidt

14 exploits Active since Sep 2008
EIP-2026-119316 EXPLOITDB ruby WORKING POC
Xerver 4.32 - Source Disclosure / HTTP Authentication Bypass (Metasploit)
EIP-2026-114295 EXPLOITDB text WORKING POC
WordPress Plugin Zingiri Web Shop 2.2.0 - Remote File Inclusion
EIP-2026-114112 EXPLOITDB text WORKING POC
WordPress Plugin TheCartPress 1.1.1 - Remote File Inclusion
EIP-2026-114274 EXPLOITDB text WORKING POC
WordPress Plugin WPEasyStats 1.8 - Remote File Inclusion
EIP-2026-113683 EXPLOITDB text WORKING POC
WordPress Plugin Disclosure Policy 1.0 - Remote File Inclusion
EIP-2026-113872 EXPLOITDB text WORKING POC
WordPress Plugin Livesig 0.4 - Remote File Inclusion
EIP-2026-113896 EXPLOITDB text WORKING POC
WordPress Plugin Mini Mail Dashboard Widget 1.36 - Remote File Inclusion
CVE-2012-1205 EXPLOITDB text WORKING POC
Relocate Upload < 0.20 - Remote Code Execution via abspath Parameter
PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
EIP-2026-113880 EXPLOITDB text WORKING POC
WordPress Plugin Mailing List 1.3.2 - Remote File Inclusion
EIP-2026-113513 EXPLOITDB ruby WORKING POC
WordPress Plugin 1 Flash Gallery 1.30 < 1.5.7a - Arbitrary File Upload (Metasploit)
CVE-2011-3981 EXPLOITDB text WORKING POC
Allwebmenus WordPress Plugin 1.1.3 - Remote Code Execution via abspath Parameter
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
EIP-2026-113563 EXPLOITDB text WORKING POC
WordPress Plugin Annonces 1.2.0.0 - Remote File Inclusion
CVE-2011-4106 EXPLOITDB text WORKING POC
TimThumb < 2.0 - Remote Code Execution via Domain Whitelist Bypass
TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011.
CVE-2008-4101 EXPLOITDB text WORKING POC
Vim < 7.2.010 - Arbitrary Command Execution via K Keystroke
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712.