Grant Willcox

16 exploits Active since Apr 2019
CVE-2023-21931 METASPLOIT HIGH ruby WORKING POC
Oracle Weblogic PreAuth Remote Command Execution via ForeignOpaqueReference IIOP Deserialization
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVSS 7.5
CVE-2021-45511 METASPLOIT MEDIUM ruby WORKING POC
NETGEAR Multiple Routers - Authentication Bypass
Certain NETGEAR devices are affected by authentication bypass. This affects AC2100 before 2021-08-27, AC2400 before 2021-08-27, AC2600 before 2021-08-27, D7000 before 2021-08-27, R6220 before 2021-08-27, R6230 before 2021-08-27, R6260 before 2021-08-27, R6330 before 2021-08-27, R6350 before 2021-08-27, R6700v2 before 2021-08-27, R6800 before 2021-08-27, R6850 before 2021-08-27, R6900v2 before 2021-08-27, R7200 before 2021-08-27, R7350 before 2021-08-27, R7400 before 2021-08-27, and R7450 before 2021-08-27.
CVSS 6.8
CVE-2019-11580 METASPLOIT CRITICAL ruby WORKING POC
Atlassian Crowd 2.1.0-3.4.3 - Remote Code Execution via pdkinstall Plugin
Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x), from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.
CVSS 9.8
CVE-2020-7200 METASPLOIT CRITICAL ruby WORKING POC
HPE Systems Insight Manager 7.6 - Remote Code Execution
A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution.
CVSS 9.8
CVE-2023-21839 METASPLOIT HIGH ruby WORKING POC
Oracle WebLogic Server <14.1.1.0.0 - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVSS 7.5
CVE-2021-35449 METASPLOIT HIGH ruby WORKING POC
Lexmark Universal Print Driver <2.15.1.0 - Privilege Escalation
The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low priviliged user can use the driver to execute a DLL of their choosing during the add printer process, resulting in escalation of privileges to SYSTEM.
CVSS 7.8
CVE-2022-35405 METASPLOIT CRITICAL ruby WORKING POC
ManageEngine Password Manager Pro <12101 & PAM360 <5510 - RCE via Java Deserialization
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
CVSS 9.8
CVE-2022-23277 METASPLOIT HIGH ruby WORKING POC
Microsoft Exchange Server ChainedSerializationBinder RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS 8.8
CVE-2023-29084 METASPLOIT HIGH ruby WORKING POC
ManageEngine ADManager Plus ChangePasswordAction Authenticated Command Injection
Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings.
CVSS 7.2
CVE-2022-26904 METASPLOIT HIGH ruby WORKING POC
Windows User Profile Service - Privilege Escalation
Windows User Profile Service Elevation of Privilege Vulnerability
CVSS 7.0
CVE-2020-1170 METASPLOIT HIGH ruby WORKING POC
Windows Defender - Elevation of Privilege via Arbitrary File Deletion
An elevation of privilege vulnerability exists in Windows Defender that leads arbitrary file deletion on the system.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Defender Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1163.
CVSS 7.8
CVE-2021-40449 METASPLOIT HIGH ruby WORKING POC
Windows 10 1507-21H1, Windows 11, Windows Server 2004-2019 - Use-After-Free in Win32k
Win32k Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2019-0808 METASPLOIT HIGH ruby WORKING POC
Windows 7 and Windows Server 2008 - Local Privilege Escalation in Win32k Component
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.
CVSS 7.8
CVE-2021-33393 METASPLOIT HIGH ruby WORKING POC
IPFire 2.25-core155 - Privilege Escalation
lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well.
CVSS 8.8
CVE-2021-3490 METASPLOIT HIGH ruby WORKING POC
Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE
The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e ("bpf: Fix alu32 const subreg bound tracking on bitwise operations") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 ("bpf: Verifier, do explicit ALU32 bounds tracking") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 ("bpf:Fix a verifier failure with xor") ( 5.10-rc1).
CVSS 7.8
CVE-2021-21978 METASPLOIT CRITICAL ruby WORKING POC
VMware View Planner 4.0-4.5 - Unauthenticated Remote Code Execution via Logupload Arbitrary File Upload
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.
CVSS 9.8