Milad karimi

36 exploits Active since Apr 2022
CVE-2025-34499 EXPLOITDB MEDIUM text WRITEUP
AnyDesk 7.0.15,9.0.1 - Code Injection
AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-level system permissions.
CVE-2024-0353 EXPLOITDB HIGH text WRITEUP
Eset Endpoint Antivirus < 8.1.2062.0 - Improper Privilege Management
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
CVSS 7.8
CVE-2024-0353 EXPLOITDB HIGH text WRITEUP
Eset Endpoint Antivirus < 8.1.2062.0 - Improper Privilege Management
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
CVSS 7.8
CVE-2023-54331 EXPLOITDB HIGH text WRITEUP
Outline 1.6.0 - Privilege Escalation
Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with LocalSystem permissions.
CVSS 7.8
CVE-2020-37123 EXPLOITDB CRITICAL text WORKING POC
Pinger 1.0 - RCE
Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters.
CVSS 9.8
CVE-2020-36919 EXPLOITDB MEDIUM text WORKING POC
WPForms 1.7.8 - XSS
WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser.
CVSS 6.1
CVE-2024-21111 EXPLOITDB HIGH WORKING POC
Oracle VM Virtualbox < 7.0.16 - Improper Privilege Management
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CVSS 7.8
EIP-2026-117928 EXPLOITDB text WRITEUP
SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path
CVE-2024-21338 EXPLOITDB HIGH c WORKING POC
Windows Kernel - Privilege Escalation
Windows Kernel Elevation of Privilege Vulnerability
CVSS 7.8
EIP-2026-117730 EXPLOITDB text WRITEUP
Oracle Database 12c Release 1 - Unquoted Service Path
CVE-2023-29336 EXPLOITDB HIGH c WORKING POC
Win32k - Privilege Escalation
Win32k Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2024-38193 EXPLOITDB HIGH WORKING POC
Windows Ancillary Function Driver - Privilege Escalation
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2024-49138 EXPLOITDB HIGH c WORKING POC
Microsoft Windows 10 1507 < 10.0.10240.20857 - Heap Buffer Overflow
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS 7.8
EIP-2026-117488 EXPLOITDB text WRITEUP
Microsoft Exchange Active Directory Topology 15.02.1118.007 - 'Service MSExchangeADTopology' Unquoted Service Path
EIP-2026-116508 EXPLOITDB text WORKING POC
VMware Workstation 15 Pro - Denial of Service
EIP-2026-115257 EXPLOITDB python WORKING POC
FlashGet 1.9.6 - Denial of Service (PoC)
EIP-2026-114299 EXPLOITDB python SCANNER
Wordpress Seotheme - Remote Code Execution Unauthenticated
EIP-2026-114357 EXPLOITDB python SCANNER
Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload
EIP-2026-113965 EXPLOITDB text WORKING POC
Wordpress Plugin PicUploader 1.0 - Remote File Upload
EIP-2026-113844 EXPLOITDB text WORKING POC
WordPress Plugin Jetpack 9.1 - Cross Site Scripting (XSS)
EIP-2026-113837 EXPLOITDB text WORKING POC
WordPress Plugin International Sms For Contact Form 7 Integration V1.2 - Cross Site Scripting (XSS)
EIP-2026-113644 EXPLOITDB text WORKING POC
WordPress Plugin Contact Form Builder 1.6.1 - Cross-Site Scripting (XSS)
EIP-2026-113580 EXPLOITDB text WORKING POC
Wordpress Plugin Background Image Cropper v1.2 - Remote Code Execution
CVE-2022-4395 EXPLOITDB CRITICAL text WORKING POC
Membership For WooCommerce <2.1.7 - Unauthenticated RCE
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
CVSS 9.8
CVE-2023-2745 EXPLOITDB MEDIUM python WORKING POC
Wordpress < 4.1.38 - Path Traversal
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.
CVSS 5.4