Dawid Golunski

78 exploits Active since Nov 2009
CVE-2016-10034 EXPLOITDB CRITICAL python WORKING POC
Zend Framework < 2.4.11 and zend-mail < 2.4.11 - Remote Code Execution via Sendmail Adapter setFrom Function
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
CVSS 9.8
CVE-2016-10033 EXPLOITDB CRITICAL python WORKING POC
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS 9.8
CVE-2016-10033 EXPLOITDB CRITICAL bash WORKING POC
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS 9.8
CVE-2016-10033 EXPLOITDB CRITICAL python WORKING POC
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS 9.8
CVE-2016-10033 EXPLOITDB CRITICAL python WORKING POC
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS 9.8
CVE-2014-4701 EXPLOITDB text WORKING POC
Nagios Plugins <2.0.2 - Info Disclosure
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.
CVE-2016-1531 METASPLOIT HIGH ruby WORKING POC
Exim <4.86.2 - Privilege Escalation
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
CVSS 7.0
CVE-2016-10033 METASPLOIT CRITICAL ruby WORKING POC
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS 9.8
CVE-2016-10033 METASPLOIT CRITICAL ruby WORKING POC
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS 9.8
CVE-2020-27955 METASPLOIT CRITICAL ruby WORKING POC
Git Remote Code Execution via git-lfs (CVE-2020-27955)
Git LFS 2.12.0 allows Remote Code Execution.
CVSS 9.8
CVE-2016-1240 METASPLOIT HIGH ruby WORKING POC
Apache Tomcat on Ubuntu Log Init Privilege Escalation
The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu 14.04 LTS, and tomcat8 and libtomcat8-java packages before 8.0.32-1ubuntu1.2 on Ubuntu 16.04 LTS allows local users with access to the tomcat account to gain root privileges via a symlink attack on the Catalina log file, as demonstrated by /var/log/tomcat7/catalina.out.
CVSS 7.8
CVE-2016-5425 METASPLOIT HIGH ruby WORKING POC
Apache Tomcat on RedHat Based Systems Insecure Temp Config Privilege Escalation
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
CVSS 7.8
EIP-2026-114561 EXPLOITDB text WORKING POC
Zabbix 1.8.1 - SQL Injection
CVE-2016-10034 EXPLOITDB CRITICAL php WORKING POC
Zend Framework < 2.4.11 and zend-mail < 2.4.11 - Remote Code Execution via Sendmail Adapter setFrom Function
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address.
CVSS 9.8
CVE-2009-3890 EXPLOITDB text WORKING POC
WordPress < 2.8.5 - Authenticated Remote Code Execution via Multiple-Extension Filename Upload
Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
CVE-2016-6483 EXPLOITDB HIGH python WORKING POC
vBulletin <4.2.2 PL6-5.2.2 PL1 - SSRF
The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code.
CVSS 8.6
CVE-2016-10074 EXPLOITDB CRITICAL php WORKING POC
SwiftMailer < 5.4.5 - Remote Code Execution via Mail Command Parameter Injection
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.
CVSS 9.8
CVE-2016-10045 EXPLOITDB CRITICAL python WORKING POC
PHPMailer < 5.2.20 - Remote Code Execution via Sendmail Argument Injection
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.
CVSS 9.8
CVE-2016-10033 EXPLOITDB CRITICAL bash WORKING POC
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS 9.8
CVE-2016-10033 EXPLOITDB CRITICAL php WORKING POC
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS 9.8
CVE-2016-10074 EXPLOITDB CRITICAL python WORKING POC
SwiftMailer < 5.4.5 - Remote Code Execution via Mail Command Parameter Injection
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.
CVSS 9.8
CVE-2016-10074 EXPLOITDB CRITICAL python WORKING POC
SwiftMailer < 5.4.5 - Remote Code Execution via Mail Command Parameter Injection
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.
CVSS 9.8
EIP-2026-109014 EXPLOITDB text WRITEUP
Kirby CMS 2.1.0 - Authentication Bypass
EIP-2026-109015 EXPLOITDB text WRITEUP
Kirby CMS 2.1.0 - Cross-Site Request Forgery / Content Upload / PHP Script Execution
EIP-2026-107933 EXPLOITDB text WRITEUP
Invision Power Board 2.3.6/3.0.4 - Local File Inclusion / SQL Injection