Darren Martyn

10 exploits Active since Sep 2014
CVE-2020-25223 NOMISEC CRITICAL WORKING POC
Sophos Unified Threat Management < 9.511 - OS Command Injection
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
11 stars
CVSS 9.8
CVE-2014-6271 VULNCHECK_XDB CRITICAL WORKING POC
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS 9.8
CVE-2022-41347 WRITEUP HIGH WORKING POC
Zimbra Collaboration <9.x - Privilege Escalation
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
CVSS 7.8
CVE-2015-1427 METASPLOIT CRITICAL ruby WORKING POC
Elasticsearch <1.3.8, <1.4.3 - Command Injection
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
CVSS 9.8
CVE-2022-37393 METASPLOIT HIGH ruby WORKING POC
Zimbra zmslapd arbitrary module load
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
CVSS 7.8
EIP-2026-104138 EXPLOITDB ruby WORKING POC
Zemra Botnet (C2 Web Panel) - Remote Code Execution (Metasploit)
EIP-2026-104139 EXPLOITDB ruby WORKING POC
Zemra Botnet (C2 Web Panel) - Remote Code Execution (Metasploit)
CVE-2015-1427 EXPLOITDB CRITICAL python WORKING POC
Elasticsearch <1.3.8, <1.4.3 - Command Injection
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
CVSS 9.8
CVE-2015-1427 EXPLOITDB CRITICAL ruby WORKING POC
Elasticsearch <1.3.8, <1.4.3 - Command Injection
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
CVSS 9.8
EIP-2026-102020 EXPLOITDB python WORKING POC
SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated)