Milad karimi

36 exploits Active since Apr 2022
EIP-2026-113479 EXPLOITDB python WORKING POC
Wordpress Augmented-Reality - Remote Code Execution Unauthenticated
EIP-2026-113474 EXPLOITDB text WORKING POC
WooCommerce v7.1.0 - Remote Code Execution(RCE)
EIP-2026-113109 EXPLOITDB text WORKING POC
Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection
CVE-2021-25094 EXPLOITDB HIGH python WORKING POC
Tatsu Wordpress Plugin RCE
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.
CVSS 8.1
CVE-2024-28000 EXPLOITDB CRITICAL python WORKING POC
WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.
CVSS 9.8
EIP-2026-108455 EXPLOITDB text WORKING POC
Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection
EIP-2026-106588 EXPLOITDB text WORKING POC
Drupal avatar_uploader v7.x-1.0-beta8 - Cross Site Scripting (XSS)
CVE-2024-45440 EXPLOITDB MEDIUM python SCANNER
Drupal 11.x-dev - Info Disclosure
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.
CVSS 5.3
CVE-2023-41425 EXPLOITDB MEDIUM python WORKING POC
WonderCMS Remote Code Execution
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
CVSS 6.1
CVE-2024-4367 EXPLOITDB HIGH python WORKING POC
Mozilla Firefox < 115.11.0 - Improper Condition Check
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVSS 8.8
CVE-2024-6387 EXPLOITDB HIGH c WORKING POC
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CVSS 8.1