Milad karimi

36 exploits Active since Apr 2022
EIP-2026-113965 EXPLOITDB text WORKING POC
Wordpress Plugin PicUploader 1.0 - Remote File Upload
CVE-2022-4395 EXPLOITDB CRITICAL text WORKING POC
Membership For WooCommerce <2.1.7 - Unauthenticated RCE
The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE.
CVSS 9.8
CVE-2023-2745 EXPLOITDB MEDIUM python WORKING POC
WordPress < 6.2 - Unauthenticated Directory Traversal via wp_lang Parameter
WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.
CVSS 5.4
EIP-2026-113109 EXPLOITDB text WORKING POC
Virtual Airlines Manager 2.6.2 - 'multiple' SQL Injection
CVE-2021-25094 EXPLOITDB HIGH python WORKING POC
Tatsu Wordpress Plugin RCE
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.
CVSS 8.1
CVE-2024-28000 EXPLOITDB CRITICAL python WORKING POC
WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.
CVSS 9.8
EIP-2026-108455 EXPLOITDB text WORKING POC
Joomla! Component com_newsfeeds 1.0 - 'feedid' SQL Injection
CVE-2024-45440 EXPLOITDB MEDIUM python SCANNER
Drupal 10.3.0-10.3.5 - Full Path Disclosure via Missing hash_salt File
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure (even when error logging is None) if the value of hash_salt is file_get_contents of a file that does not exist.
CVSS 5.3
CVE-2023-41425 EXPLOITDB MEDIUM python WORKING POC
WonderCMS Remote Code Execution
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
CVSS 6.1
CVE-2024-4367 EXPLOITDB HIGH python WORKING POC
Firefox < 126 and ESR < 115.11 - Arbitrary JavaScript Execution in PDF.js via Missing Type Check
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVSS 8.8
CVE-2024-6387 EXPLOITDB HIGH c WORKING POC
OpenSSH - DoS
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
CVSS 8.1