MP

10 exploits Active since Oct 2006
CVE-2021-34523 NOMISEC CRITICAL SCANNER
Microsoft Exchange Server - Privilege Escalation
Microsoft Exchange Server Elevation of Privilege Vulnerability
2 stars
CVSS 9.0
CVE-2016-15048 WRITEUP CRITICAL WORKING POC
AMTT Hotel Broadband Operation System - Command Injection
AMTT Hotel Broadband Operation System (HiBOS) contains an unauthenticated command injection vulnerability in the /manager/radius/server_ping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter and executes it without proper validation or escaping. An attacker can insert shell metacharacters into the ip parameter to inject and execute arbitrary system commands as the web server user. The initial third-party disclosure in 2016 recommended contacting the vendor for remediation guidance. Additionally, this product may have been rebranded under a different name. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-14 at 04:45:53.510819 UTC.
CVSS 9.8
CVE-2021-41419 WRITEUP CRITICAL WORKING POC
QVIS DVR and NVR Firmware < 2021-12-13 - Remote Code Execution via Java Deserialization
QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution via Java deserialization.
CVSS 9.8
CVE-2022-48323 WRITEUP CRITICAL WORKING POC
Sunlogin Sunflower Simplified 1.0.1.43315 - Unauthenticated Path Traversal via Crafted HTTP Request
Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershell.exe program.
CVSS 9.8
CVE-2006-5472 EXPLOITDB text WORKING POC
Softerra PHP Developer Library <1.5.3 - RCE
PHP remote file inclusion vulnerability in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter in (1) lib/registry.lib.php, (2) lib/sqlcompose.lib.php, and (3) lib/sqlsearch.lib.php.
CVE-2006-5528 EXPLOITDB text WRITEUP
SchoolAlumni Portal 2.26 - Directory Traversal via mod Parameter
Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2.26 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. NOTE: some of these details are obtained from third party information.
CVE-2006-5529 EXPLOITDB text WRITEUP
SchoolAlumni Portal 2.26 - Cross-Site Scripting via Query Parameter in Katalog Module
Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the katalog module. NOTE: some of these details are obtained from third party information.
EIP-2026-111451 EXPLOITDB perl WORKING POC
PowerMovieList 0.13/0.14 - Edit User HTML Injection
CVE-2006-5427 EXPLOITDB text WORKING POC
Php AMX 0.9.0 - Remote File Inclusion via plug_path Parameter
PHP remote file inclusion vulnerability in plugins/main.php in Php AMX 0.9.0, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plug_path parameter.
CVE-2006-5423 EXPLOITDB text WORKING POC
Lou Portail 1.4.1 - Remote File Inclusion via g_admin_rep Parameter
PHP remote file inclusion vulnerability in admin/admin_module.php in Lou Portail 1.4.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the g_admin_rep parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.