Milad karimi

36 exploits Active since Apr 2022
CVE-2024-58349 EXPLOITDB CRITICAL python SCANNER
WordPress Theme Travelscape 1.0.3 Arbitrary File Upload
WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's upload functionality. Attackers can upload arbitrary files to the theme directory and execute them to achieve remote code execution on the affected WordPress installation.
CVSS 9.8
CVE-2024-58348 EXPLOITDB CRITICAL text WORKING POC
WordPress Background Image Cropper 1.2 Remote Code Execution
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server.
CVSS 9.8
CVE-2023-54352 EXPLOITDB CRITICAL python WORKING POC
WP Travel Kit Travelscape - WordPress Seotheme Remote Code Execution Unauthenticated
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands and upload additional files for persistent access.
CVSS 9.8
CVE-2023-54350 EXPLOITDB HIGH python WORKING POC
WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated
WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to create malicious PHP files in the file_manager directory and execute them on the server.
CVSS 7.5
CVE-2022-50960 EXPLOITDB MEDIUM text WORKING POC
WordPress International Sms Contact Form 7 Integration 1.2 XSS
WordPress International SMS for Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts through the page parameter in class-sms-log-display.php to execute arbitrary JavaScript in administrator browsers.
CVSS 6.1
CVE-2022-50959 EXPLOITDB MEDIUM text WORKING POC
WordPress Contact Form Builder 1.6.1 Cross-Site Scripting via code_generator.php
WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Attackers can craft malicious URLs to code_generator.php with script payloads in the form_id parameter to execute arbitrary JavaScript in victim browsers.
CVSS 6.1
CVE-2022-50958 EXPLOITDB MEDIUM text WORKING POC
WordPress Plugin Jetpack 9.1 Cross Site Scripting via grunion-form-view.php
WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the post_id parameter to execute arbitrary JavaScript in victim browsers.
CVSS 6.1
CVE-2022-50957 EXPLOITDB MEDIUM text WORKING POC
Drupal avatar_uploader 7.x-1.0-beta8 Reflected XSS
Drupal avatar_uploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avatar_uploader.pages.inc to execute arbitrary JavaScript in victim browsers.
CVSS 6.1
CVE-2025-34499 EXPLOITDB MEDIUM text WRITEUP
AnyDesk 7.0.15,9.0.1 - Code Injection
AnyDesk 7.0.15 and 9.0.1 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with high-level system permissions.
CVE-2024-0353 EXPLOITDB HIGH text WRITEUP
ESET Endpoint Antivirus < 8.1.2062.0 - Local Privilege Escalation via File Deletion
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
CVSS 7.8
CVE-2024-0353 EXPLOITDB HIGH text WRITEUP
ESET Endpoint Antivirus < 8.1.2062.0 - Local Privilege Escalation via File Deletion
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
CVSS 7.8
CVE-2023-54331 EXPLOITDB HIGH text WRITEUP
Outline 1.6.0 - Privilege Escalation
Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with LocalSystem permissions.
CVSS 7.8
CVE-2020-37123 EXPLOITDB CRITICAL text WORKING POC
Pinger 1.0 - Remote Code Execution via Ping and Socket Parameter Injection
Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters.
CVSS 9.8
CVE-2020-36919 EXPLOITDB MEDIUM text WORKING POC
WPForms < 1.7.8 - Stored Cross-Site Scripting via Slider Import Search Feature
WPForms 1.7.8 contains a cross-site scripting vulnerability in the slider import search feature and tab parameter. Attackers can inject malicious scripts through the ListTable.php endpoint to execute arbitrary JavaScript in victim's browser.
CVSS 6.1
EIP-2026-117928 EXPLOITDB text WRITEUP
SolarWinds Kiwi Syslog Server 9.6.7.1 - Unquoted Service Path
CVE-2024-21111 EXPLOITDB HIGH WORKING POC
Oracle VM VirtualBox < 7.0.16 - Privilege Escalation via Core Component
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CVSS 7.8
CVE-2023-29336 EXPLOITDB HIGH c WORKING POC
Windows 10 1507 < 10.0.10240.19926 and 1607 < 10.0.14393.5921 - Use-After-Free in Win32k
Win32k Elevation of Privilege Vulnerability
CVSS 7.8
EIP-2026-117488 EXPLOITDB text WRITEUP
Microsoft Exchange Active Directory Topology 15.02.1118.007 - 'Service MSExchangeADTopology' Unquoted Service Path
CVE-2024-21338 EXPLOITDB HIGH c WORKING POC
Windows Kernel - Privilege Escalation
Windows Kernel Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2024-49138 EXPLOITDB HIGH c WORKING POC
Windows Common Log File System Driver - Elevation of Privilege via Heap-based Buffer Overflow
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2024-38193 EXPLOITDB HIGH WORKING POC
Windows Ancillary Function Driver - Privilege Escalation
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVSS 7.8
EIP-2026-117730 EXPLOITDB text WRITEUP
Oracle Database 12c Release 1 - Unquoted Service Path
EIP-2026-116508 EXPLOITDB text WORKING POC
VMware Workstation 15 Pro - Denial of Service
EIP-2026-115257 EXPLOITDB python WORKING POC
FlashGet 1.9.6 - Denial of Service (PoC)
EIP-2026-113474 EXPLOITDB text WORKING POC
WooCommerce v7.1.0 - Remote Code Execution(RCE)