Michael Heinzl

27 exploits Active since Nov 2022
CVE-2024-24809 METASPLOIT HIGH ruby WORKING POC
Traccar - Unrestricted File Upload
Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this vulnerability to upload files with the prefix `device.` under any folder. Attackers can use this vulnerability for phishing, cross-site scripting attacks, and potentially execute arbitrary commands on the server. Version 6.0 contains a patch for the issue.
CVSS 8.5
CVE-2024-5910 METASPLOIT CRITICAL ruby WORKING POC
Palo Alto Expedition Remote Code Execution (CVE-2024-5910 and CVE-2024-9464)
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition is at risk due to this issue.
CVSS 9.8
CVE-2025-24865 METASPLOIT CRITICAL ruby WORKING POC
mySCADA myPRO Manager - Info Disclosure
The administrative web interface of mySCADA myPRO Manager can be accessed without authentication which could allow an unauthorized attacker to retrieve sensitive information and upload files without the associated password.
CVSS 10.0
CVE-2022-38120 METASPLOIT MEDIUM ruby WORKING POC
POWERCOM UPSMON PRO Path Traversal (CVE-2022-38120) and Credential Harvester (CVE-2022-38121)
UPSMON PRO has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files.
CVSS 6.5
CVE-2023-2915 METASPLOIT HIGH ruby WORKING POC
ThinManager Path Traversal (CVE-2023-2915) Arbitrary File Delete
The Rockwell Automation ThinManager ThinServer is impacted by an improper input validation vulnerability. Due to improper input validation, a path traversal vulnerability exists when the ThinManager software processes a certain function. If exploited, an unauthenticated remote threat actor can delete arbitrary files with system privileges. A malicious user could exploit this vulnerability by sending a specifically crafted synchronization protocol message resulting in a denial-of-service condition.
CVSS 7.5
CVE-2023-27855 METASPLOIT CRITICAL ruby WORKING POC
ThinManager Path Traversal (CVE-2023-27855) Arbitrary File Upload
In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.
CVSS 9.8
CVE-2023-2917 METASPLOIT CRITICAL ruby WORKING POC
ThinManager Path Traversal (CVE-2023-2917) Arbitrary File Upload
The Rockwell Automation ThinManager ThinServer is impacted by an improper input validation vulnerability. Due to improper input validation, a path traversal vulnerability exists, via the filename field, when the ThinManager processes a certain function. If exploited, an unauthenticated remote attacker can upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. A malicious user could exploit this vulnerability by sending a crafted synchronization protocol message and potentially gain remote code execution abilities.
CVSS 9.8
CVE-2025-22896 METASPLOIT HIGH ruby WORKING POC
mySCADA myPRO Manager Credential Harvester (CVE-2025-24865 and CVE-2025-22896)
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
CVSS 8.6
CVE-2024-7593 METASPLOIT CRITICAL ruby WORKING POC
Ivanti Virtual Traffic Manager Authentication Bypass (CVE-2024-7593)
Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.
CVSS 9.8
CVE-2024-20419 METASPLOIT CRITICAL ruby WORKING POC
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419)
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user.
CVSS 10.0
CVE-2023-6329 METASPLOIT CRITICAL ruby WORKING POC
Control iD iDSecure Authentication Bypass (CVE-2023-6329)
An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.
CVSS 9.8
CVE-2024-6670 METASPLOIT CRITICAL ruby WORKING POC
WhatsUp Gold SQL Injection (CVE-2024-6670)
In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the user's encrypted password.
CVSS 9.8
CVE-2024-5276 METASPLOIT CRITICAL ruby WORKING POC
Fortra FileCatalyst Workflow SQL Injection (CVE-2024-5276)
A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.
CVSS 9.8
CVE-2024-28987 METASPLOIT CRITICAL ruby WORKING POC
SolarWinds Web Help Desk - Hardcoded Credential
The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing a remote unauthenticated user to access internal functionality and modify data.
CVSS 9.1
CVE-2023-27856 METASPLOIT HIGH ruby WORKING POC
ThinManager Path Traversal (CVE-2023-27856) Arbitrary File Download
In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.
CVSS 7.5
CVE-2022-38121 METASPLOIT MEDIUM ruby WORKING POC
UPSMON PRO - Info Disclosure
UPSMON PRO configuration file stores user passwords in plaintext under a public user directory. A remote attacker with general user privilege can access all users' and administrators' account names and passwords via this unprotected configuration file.
CVSS 6.5
CVE-2025-2264 METASPLOIT HIGH ruby WORKING POC
Sante PACS Server Path Traversal (CVE-2025-2264)
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.
CVSS 7.5
CVE-2024-6782 METASPLOIT CRITICAL ruby WORKING POC
Calibre 6.9.0-7.14.0 - Unauthenticated RCE
Improper access control in Calibre 6.9.0 ~ 7.14.0 allows unauthenticated attackers to achieve remote code execution.
CVSS 9.8
CVE-2023-40504 METASPLOIT CRITICAL ruby WORKING POC
LG Simple Editor Command Injection (CVE-2023-40504)
LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the readVideoInfo method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19953.
CVSS 9.8
CVE-2024-7399 METASPLOIT HIGH ruby WORKING POC
Samsung MagicINFO 9 Server Remote Code Execution (CVE-2024-7399)
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary files with system authority.
CVSS 8.8
CVE-2024-4548 METASPLOIT CRITICAL ruby WORKING POC
DIAEnergie SQL Injection (CVE-2024-4548)
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.
CVSS 9.8
CVE-2024-47407 METASPLOIT CRITICAL ruby WORKING POC
mySCADA myPRO Manager Unauthenticated Command Injection (CVE-2024-47407)
A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.
CVSS 10.0
CVE-2023-28384 METASPLOIT HIGH ruby WORKING POC
mySCADA MyPRO Authenticated Command Injection (CVE-2023-28384)
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands.
CVSS 8.8
CVE-2024-9464 METASPLOIT MEDIUM ruby WORKING POC
Palo Alto Networks Expedition < 1.2.96 - OS Command Injection
An OS command injection vulnerability in Palo Alto Networks Expedition allows an authenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
CVSS 6.5