IHTeam

25 exploits Active since Sep 2007
CVE-2022-31814 NOMISEC CRITICAL WORKING POC
Netgate Pfblockerng < 2.1.4_26 - OS Command Injection
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.
1 stars
CVSS 9.8
CVE-2020-35665 METASPLOIT CRITICAL ruby WORKING POC
Terra-master Terramaster Operating System - OS Command Injection
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
CVSS 9.8
CVE-2009-3181 EXPLOITDB bash WORKING POC
Anantasoft Gazelle Cms - Path Traversal
Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the customizetemplate parameter in a direct request to admin/settemplate.php.
CVE-2009-3180 EXPLOITDB bash WORKING POC
Anantasoft Gazelle Cms - Credentials Management
Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php.
CVE-2009-3171 EXPLOITDB bash WORKING POC
Anantasoft Gazelle Cms < 1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php.
CVE-2010-0288 EXPLOITDB text WORKING POC
Dokuwiki < release_2009-02-14 - Access Control
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.
CVE-2009-3167 EXPLOITDB bash WORKING POC
Anantasoft Gazelle Cms - Path Traversal
Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
CVE-2022-31814 METASPLOIT CRITICAL ruby WORKING POC
Netgate Pfblockerng < 2.1.4_26 - OS Command Injection
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.
CVSS 9.8
CVE-2020-28188 METASPLOIT CRITICAL ruby WORKING POC
Terra-master Tos < 4.2.06 - OS Command Injection
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
CVSS 9.8
EIP-2026-113704 EXPLOITDB php WORKING POC
WordPress Plugin E-Commerce 3.8.4 - SQL Injection
EIP-2026-113607 EXPLOITDB text WRITEUP
WordPress Plugin bSuite 4.0.7 - Multiple HTML Injection Vulnerabilities
CVE-2007-6647 EXPLOITDB text WORKING POC
w-Agora <4.2.1 - SQL Injection
SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.
EIP-2026-113324 EXPLOITDB text WORKING POC
WebJaxe - SQL Injection
EIP-2026-112799 EXPLOITDB text WRITEUP
TS Special Edition 7.0 - Multiple Vulnerabilities
EIP-2026-112250 EXPLOITDB text WRITEUP
smbind 0.4.7 - SQL Injection
CVE-2007-5068 EXPLOITDB text WORKING POC
Phpfullannu - SQL Injection
SQL injection vulnerability in index.php in phpFullAnnu (PFA) 6.0 allows remote attackers to execute arbitrary SQL commands via the mod parameter.
CVE-2022-31814 EXPLOITDB CRITICAL python WORKING POC
Netgate Pfblockerng < 2.1.4_26 - OS Command Injection
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.
CVSS 9.8
CVE-2009-3182 EXPLOITDB bash WORKING POC
Anantasoft Gazelle Cms - Access Control
Unrestricted file upload vulnerability in admin/editor/filemanager/browser.html in Anantasoft Gazelle CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in user/File/.
EIP-2026-106791 EXPLOITDB text WRITEUP
EFront 3.6.9 Community Edition - Multiple Vulnerabilities
CVE-2010-0287 EXPLOITDB text WORKING POC
Dokuwiki < release_2009-02-14 - Path Traversal
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.
CVE-2007-5061 EXPLOITDB text WORKING POC
Clansphere - SQL Injection
SQL injection vulnerability in mods/banners/navlist.php in Clansphere 2007.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php in a banners action.
EIP-2026-105980 EXPLOITDB text WORKING POC
CMS Made Simple 1.6.2 - Local File Disclosure
EIP-2026-105825 EXPLOITDB perl WORKING POC
ChillyCMS - Blind SQL Injection
EIP-2026-103327 EXPLOITDB python WORKING POC
TerraMaster TOS 4.2.06 - RCE (Unauthenticated)
CVE-2020-35665 EXPLOITDB CRITICAL ruby WORKING POC
Terra-master Terramaster Operating System - OS Command Injection
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
CVSS 9.8