Justin Steven

7 exploits Active since Jul 2017
CVE-2015-8239 NOMISEC HIGH WORKING POC
sudo <1.8.7 - Code Injection
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
CVSS 7.0
CVE-2017-1000047 WRITEUP CRITICAL WRITEUP
rbenv - Path Traversal
rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution
CVSS 9.8
CVE-2022-25891 WRITEUP HIGH WRITEUP
Containrrr Shoutrrr < 0.6.0 - Denial of Service
The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending exactly 2000, 4000, or 6000 characters messages.
CVSS 7.5
CVE-2021-22204 METASPLOIT MEDIUM ruby WORKING POC
GitLab Unauthenticated Remote ExifTool Command Injection
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
CVSS 6.8
CVE-2020-7384 METASPLOIT HIGH ruby WORKING POC
Rapid7 Metasploit < 4.19.0 - Command Injection
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
CVSS 7.0
EIP-2026-103983 EXPLOITDB ruby WORKING POC
Metasploit Web UI - Diagnostic Console Command Execution (Metasploit)
CVE-2020-7384 EXPLOITDB HIGH python WORKING POC
Rapid7 Metasploit < 4.19.0 - Command Injection
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
CVSS 7.0