IHTeam - Security Researcher - Exploit Intelligence Platform

CVE-2022-31814 NOMISEC CRITICAL WORKING POC

pfBlockerNG < 2.1.4_26 - Remote Code Execution via HTTP Host Header

pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.

1 stars

CVSS 9.8

View Code

CVE-2020-35665 METASPLOIT CRITICAL ruby WORKING POC

TerraMaster Operating System <= 4.2.06 - Unauthenticated Remote Code Execution via Event Parameter in makecvs.php

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.

CVSS 9.8

View Code

CVE-2009-3181 EXPLOITDB bash WORKING POC

Anantasoft Gazelle CMS 1.0 - Path Traversal and Arbitrary File Write via Customize Template Parameter

Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the customizetemplate parameter in a direct request to admin/settemplate.php.

View Code

CVE-2009-3180 EXPLOITDB bash WORKING POC

Anantasoft Gazelle CMS 1.0 - Unauthenticated Password Reset via User Parameter

Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php.

View Code

CVE-2009-3171 EXPLOITDB bash WORKING POC

Anantasoft Gazelle CMS < 1.0 - Cross-Site Scripting via User or Lookup Parameter

Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php.

View Code

CVE-2010-0288 EXPLOITDB text WORKING POC

DokuWiki < 2009-12-25b - Unauthenticated Privilege Escalation via ACL Manager Plugin

A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.

View Code

CVE-2009-3167 EXPLOITDB bash WORKING POC

Anantasoft Gazelle CMS 1.0 - Path Traversal via Template Parameter

Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.

View Code

CVE-2022-31814 METASPLOIT CRITICAL ruby WORKING POC

pfBlockerNG < 2.1.4_26 - Remote Code Execution via HTTP Host Header

pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.

CVSS 9.8

View Code

CVE-2020-28188 METASPLOIT CRITICAL ruby WORKING POC

TerraMaster TOS <= 4.2.06 - Unauthenticated Remote Code Execution via Event Parameter

Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.

CVSS 9.8

View Code

EIP-2026-113704 EXPLOITDB php WORKING POC

WordPress Plugin E-Commerce 3.8.4 - SQL Injection

View Code

EIP-2026-113607 EXPLOITDB text WRITEUP

WordPress Plugin bSuite 4.0.7 - Multiple HTML Injection Vulnerabilities

View Code

CVE-2007-6647 EXPLOITDB text WORKING POC

w-agora < 4.2.1 - SQL Injection via Index.php Cat Parameter

SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.

View Code

EIP-2026-113324 EXPLOITDB text WORKING POC

WebJaxe - SQL Injection

View Code

EIP-2026-112799 EXPLOITDB text WRITEUP

TS Special Edition 7.0 - Multiple Vulnerabilities

View Code

EIP-2026-112250 EXPLOITDB text WRITEUP

smbind 0.4.7 - SQL Injection

View Code

CVE-2007-5068 EXPLOITDB text WORKING POC

phpFullAnnu 6.0 - SQL Injection via mod Parameter

SQL injection vulnerability in index.php in phpFullAnnu (PFA) 6.0 allows remote attackers to execute arbitrary SQL commands via the mod parameter.

View Code

CVE-2022-31814 EXPLOITDB CRITICAL python WORKING POC

pfBlockerNG < 2.1.4_26 - Remote Code Execution via HTTP Host Header

pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.

CVSS 9.8

View Code

CVE-2009-3182 EXPLOITDB bash WORKING POC

Anantasoft Gazelle CMS 1.0 - Unauthenticated Arbitrary File Upload via File Manager

Unrestricted file upload vulnerability in admin/editor/filemanager/browser.html in Anantasoft Gazelle CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in user/File/.

View Code

EIP-2026-106791 EXPLOITDB text WRITEUP

EFront 3.6.9 Community Edition - Multiple Vulnerabilities

View Code

CVE-2010-0287 EXPLOITDB text WORKING POC

DokuWiki < 2009-12-25b - Directory Traversal via ACL Manager ns Parameter

Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.

View Code

CVE-2007-5061 EXPLOITDB text WORKING POC

Clansphere 2007.4 - SQL Injection via cat_id Parameter

SQL injection vulnerability in mods/banners/navlist.php in Clansphere 2007.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php in a banners action.

View Code

EIP-2026-105980 EXPLOITDB text WORKING POC

CMS Made Simple 1.6.2 - Local File Disclosure

View Code

EIP-2026-105825 EXPLOITDB perl WORKING POC

ChillyCMS - Blind SQL Injection

View Code

EIP-2026-103327 EXPLOITDB python WORKING POC

TerraMaster TOS 4.2.06 - RCE (Unauthenticated)

View Code

CVE-2020-35665 EXPLOITDB CRITICAL ruby WORKING POC

TerraMaster Operating System <= 4.2.06 - Unauthenticated Remote Code Execution via Event Parameter in makecvs.php

An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.

CVSS 9.8

View Code