James Fitts

69 exploits Active since Sep 2005
CVE-2017-20184 EXPLOITDB HIGH ruby WORKING POC
Carlo Gavazzi Powersoft <2.1.1.1 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device.
CVSS 7.5
CVE-2016-9349 EXPLOITDB HIGH ruby WORKING POC
Advantech SUISAccess Server <3.0 - Info Disclosure
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure.
CVSS 7.5
CVE-2012-10027 EXPLOITDB ruby WORKING POC
WP-Property <1.35.0 - RCE
WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.
CVE-2012-10026 EXPLOITDB ruby WORKING POC
Asset-Manager <2.0 - RCE
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary directory. Once uploaded, the attacker can execute the file via a direct HTTP GET request, resulting in remote code execution under the web server’s context.
CVE-2011-10032 EXPLOITDB ruby WORKING POC
Sunway ForceControl <6.1 SP3 - Buffer Overflow
Sunway ForceControl version 6.1 SP3 and earlier contains a stack-based buffer overflow vulnerability in the SNMP NetDBServer service, which listens on TCP port 2001. The flaw is triggered when the service receives a specially crafted packet using opcode 0x57 with an overly long payload. Due to improper bounds checking during packet parsing, attacker-controlled data overwrites the Structured Exception Handler (SEH), allowing arbitrary code execution in the context of the service. This vulnerability can be exploited remotely without authentication and may lead to full system compromise on affected Windows hosts.
CVE-2011-10015 EXPLOITDB ruby WORKING POC
Cytel Studio <9.0 - Buffer Overflow
Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened.
CVE-2015-7602 METASPLOIT ruby WORKING POC
BisonWare BisonFTP <3.5 - Path Traversal
Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in a RETR command.
CVE-2015-7603 METASPLOIT ruby WORKING POC
Konica Minolta FTP Utility 1.0 - Path Traversal
Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in a RETR command.
CVE-2015-7601 METASPLOIT ruby WORKING POC
PCMan's FTP Server <2.0.7 - Path Traversal
Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitrary files via a ..// (dot dot double slash) in a RETR command.
CVE-2012-10027 METASPLOIT ruby WORKING POC
WP-Property <1.35.0 - RCE
WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.
CVE-2013-2097 METASPLOIT HIGH ruby WORKING POC
ZPanel <10.1.0 - RCE
ZPanel through 10.1.0 has Remote Command Execution
CVSS 7.8
CVE-2012-10026 METASPLOIT ruby WORKING POC
Asset-Manager <2.0 - RCE
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary directory. Once uploaded, the attacker can execute the file via a direct HTTP GET request, resulting in remote code execution under the web server’s context.
CVE-2011-0340 METASPLOIT ruby WORKING POC
Advantech Studio < 7.0 - Memory Corruption
Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.
CVE-2009-4962 METASPLOIT ruby WORKING POC
Adammo Fat Player - Memory Corruption
Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file. NOTE: some of these details are obtained from third party information.
CVE-2010-5299 METASPLOIT ruby WORKING POC
MicroP 0.1.1.1600 - Buffer Overflow
Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. NOTE: it has been reported that the overflow is in the lpFileName parameter of the CreateFileA function, but the overflow is probably caused by a separate, unnamed function.
CVE-2011-10015 METASPLOIT ruby WORKING POC
Cytel Studio <9.0 - Buffer Overflow
Cytel Studio version 9.0 and earlier is vulnerable to a stack-based buffer overflow triggered by parsing a malformed .CY3 file. The vulnerability occurs when the application copies user-controlled strings into a fixed-size stack buffer (256 bytes) without proper bounds checking. Exploitation allows arbitrary code execution when the crafted file is opened.
CVE-2011-5165 METASPLOIT ruby WORKING POC
Cleanersoft Free Mp3 CD Ripper < 2.6 - Memory Corruption
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.
CVE-2013-3482 METASPLOIT ruby WORKING POC
Hexagon Erdas ER Viewer < 13.0.1.1298 - Memory Corruption
Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an ERS file.
CVE-2010-5081 METASPLOIT ruby WORKING POC
Mini-Stream RM-MP3 Converter 3.1.2.1 - Buffer Overflow
Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file.
CVE-2011-10032 METASPLOIT ruby WORKING POC
Sunway ForceControl <6.1 SP3 - Buffer Overflow
Sunway ForceControl version 6.1 SP3 and earlier contains a stack-based buffer overflow vulnerability in the SNMP NetDBServer service, which listens on TCP port 2001. The flaw is triggered when the service receives a specially crafted packet using opcode 0x57 with an overly long payload. Due to improper bounds checking during packet parsing, attacker-controlled data overwrites the Structured Exception Handler (SEH), allowing arbitrary code execution in the context of the service. This vulnerability can be exploited remotely without authentication and may lead to full system compromise on affected Windows hosts.
CVE-2014-0780 EXPLOITDB CRITICAL ruby WORKING POC
Indusoft Web Studio - Path Traversal
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.
CVSS 9.8
CVE-2011-3487 EXPLOITDB ruby WORKING POC
Carel PlantVisor <2.4.4 - Path Traversal
Directory traversal vulnerability in CarelDataServer.exe in Carel PlantVisor 2.4.4 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request.
EIP-2026-119338 EXPLOITDB ruby WORKING POC
ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit)
EIP-2026-119130 EXPLOITDB ruby WORKING POC
Sielco Sistemi Winlog 2.07.16 - Remote Buffer Overflow (Metasploit)
CVE-2017-5177 EXPLOITDB HIGH ruby WORKING POC
VIPA Controls WinPLC7 <5.0.45.5921 - Buffer Overflow
A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 5.0.45.5921 and prior. A stack-based buffer overflow vulnerability has been identified, where an attacker with a specially crafted packet could overflow the fixed length buffer. This could allow remote code execution.
CVSS 7.5