Fellipe Oliveira - Security Researcher - Exploit Intelligence Platform

CVE-2020-24186 NOMISEC CRITICAL WORKING POC

wpDiscuz 7.0-7.0.4 - Unauthenticated Remote Code Execution via File Upload

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.

19 stars

CVSS 10.0

View Code

CVE-2021-26828 NOMISEC HIGH WORKING POC

ScadaBR < 0.9.1 - Authenticated Arbitrary JSP File Upload via view_edit.shtm

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.

9 stars

CVSS 8.8

View Code

CVE-2018-19422 NOMISEC HIGH WORKING POC

Subrion CMS < 4.2.2 - Remote Code Execution via .pht or .phar File Upload

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

8 stars

CVSS 7.2

View Code

CVE-2018-19422 NOMISEC HIGH WORKING POC

Subrion CMS < 4.2.2 - Remote Code Execution via .pht or .phar File Upload

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

4 stars

CVSS 7.2

View Code

CVE-2021-26828 NOMISEC HIGH WORKING POC

ScadaBR < 0.9.1 - Authenticated Arbitrary JSP File Upload via view_edit.shtm

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.

3 stars

CVSS 8.8

View Code

CVE-2021-31630 NOMISEC HIGH WORKING POC

OpenPLC Webserver v3 - Remote Code Execution via Hardware Layer Code Box

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.

3 stars

CVSS 8.8

View Code

CVE-2019-12725 NOMISEC CRITICAL WORKING POC

ZeroShell 3.9.0 - Unauthenticated Remote Command Execution via HTTP Parameter Injection

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.

2 stars

CVSS 9.8

View Code

CVE-2021-31630 NOMISEC HIGH WORKING POC

OpenPLC Webserver v3 - Remote Code Execution via Hardware Layer Code Box

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.

CVSS 8.8

View Code

CVE-2021-31630 NOMISEC HIGH WORKING POC

OpenPLC Webserver v3 - Remote Code Execution via Hardware Layer Code Box

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.

CVSS 8.8

View Code

CVE-2021-31630 NOMISEC HIGH WORKING POC

OpenPLC Webserver v3 - Remote Code Execution via Hardware Layer Code Box

Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.

CVSS 8.8

View Code

CVE-2018-19422 NOMISEC HIGH WORKING POC

Subrion CMS < 4.2.2 - Remote Code Execution via .pht or .phar File Upload

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

CVSS 7.2

View Code

CVE-2021-26828 INTHEWILD HIGH WORKING POC

ScadaBR < 0.9.1 - Authenticated Arbitrary JSP File Upload via view_edit.shtm

OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm.

CVSS 8.8

View Code

CVE-2018-19422 INTHEWILD HIGH WORKING POC

Subrion CMS < 4.2.2 - Remote Code Execution via .pht or .phar File Upload

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

CVSS 7.2

View Code

CVE-2021-47770 EXPLOITDB HIGH python WORKING POC

OpenPLC v3 - Authenticated Remote Code Execution via Hardware Configuration Interface

OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a custom hardware layer with embedded reverse shell code that establishes a network connection to a specified IP and port, enabling remote command execution.

CVSS 8.8

View Code

CVE-2018-19422 METASPLOIT HIGH ruby WORKING POC

Subrion CMS < 4.2.2 - Remote Code Execution via .pht or .phar File Upload

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

CVSS 7.2

View Code

EIP-2026-119420 EXPLOITDB python WORKING POC

ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (1)

View Code

CVE-2020-24186 EXPLOITDB CRITICAL python WORKING POC

wpDiscuz 7.0-7.0.4 - Unauthenticated Remote Code Execution via File Upload

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.

CVSS 10.0

View Code

CVE-2018-19422 EXPLOITDB HIGH python WORKING POC

Subrion CMS < 4.2.2 - Remote Code Execution via .pht or .phar File Upload

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.

CVSS 7.2

View Code

EIP-2026-103321 EXPLOITDB python WORKING POC

ScadaBR 1.0 - Arbitrary File Upload (Authenticated) (2)

View Code

CVE-2019-12725 EXPLOITDB CRITICAL python WORKING POC

ZeroShell 3.9.0 - Unauthenticated Remote Command Execution via HTTP Parameter Injection

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.

CVSS 9.8

View Code

CVE-2021-26084 EXPLOITDB CRITICAL python WORKING POC

Atlassian Confluence Server and Data Center - OGNL Injection

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

CVSS 9.8

View Code

CVE-2022-26134 EXPLOITDB CRITICAL python WORKING POC

Confluence - Remote Code Execution

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

CVSS 9.8

View Code