Pedro Ribeiro

203 exploits Active since Jan 2014
CVE-2018-17888 METASPLOIT CRITICAL ruby WORKING POC
NUUO CMS <3.1 - RCE
NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.
CVSS 9.8
CVE-2014-6038 METASPLOIT HIGH ruby WORKING POC
ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure
Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability. Fixed in EventLog Analyzer 10.0 Build 10000.
CVSS 7.5
CVE-2014-4872 METASPLOIT ruby WORKING POC
BMC Track-It! 11.3.0.355 - RCE
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
CVE-2016-1593 METASPLOIT HIGH ruby WORKING POC
Micro Focus Novell Service Desk <7.2 - Path Traversal
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
CVSS 7.2
CVE-2019-4716 METASPLOIT CRITICAL ruby WORKING POC
IBM Planning Analytics <2.0.9 - Privilege Escalation
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.
CVSS 9.8
CVE-2015-0779 METASPLOIT ruby WORKING POC
Novell Zenworks Configuration Management - Path Traversal
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.
CVE-2019-1622 METASPLOIT MEDIUM ruby WORKING POC
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device.
CVSS 5.3
CVE-2020-11853 METASPLOIT HIGH ruby WORKING POC
Micro Focus - RCE
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.
CVSS 8.8
CVE-2014-3996 METASPLOIT ruby WORKING POC
ManageEngine <9-0.90043 - SQL Injection
SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat.
CVE-2016-6600 METASPLOIT CRITICAL ruby WORKING POC
ZOHO WebNMS Framework <5.2-5.2 SP1 - Path Traversal
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. (dot dot) in the fileName parameter to servlets/FileUploadServlet.
CVSS 9.8
CVE-2019-8394 METASPLOIT MEDIUM ruby WORKING POC
Zohocorp Manageengine Servicedesk Plus - Unrestricted File Upload
Zoho ManageEngine ServiceDesk Plus (SDP) before 10.0 build 10012 allows remote attackers to upload arbitrary files via login page customization.
CVSS 6.5
CVE-2014-5301 METASPLOIT HIGH ruby WORKING POC
Manageengine Servicedesk Plus - Path Traversal
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
CVSS 8.8
CVE-2014-6037 METASPLOIT ruby WORKING POC
Zohocorp Manageengine Eventlog Analyzer - Path Traversal
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. (dot dot) sequences in its name, then accessing the executable via a direct request to the file under the web root. Fixed in Build 11072.
CVE-2014-6034 METASPLOIT ruby WORKING POC
Zohocorp Manageengine Social IT Plus < 10.4 - Path Traversal
Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.
CVE-2015-2994 METASPLOIT ruby WORKING POC
SysAid Help Desk <15.2 - RCE
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.
CVE-2014-5005 METASPLOIT ruby WORKING POC
Zohocorp Manageengine Desktop Central < 9.0 - Path Traversal
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
CVE-2020-11853 METASPLOIT HIGH ruby WORKING POC
Micro Focus - RCE
Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) Universal CMDB affecting version: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 6.) Hybrid Cloud Management affecting version 2020.05 7.) Service Management Automation affecting version 2020.5 and 2020.02. The vulnerability could allow to execute arbitrary code.
CVSS 8.8
CVE-2015-2995 METASPLOIT ruby WORKING POC
SysAid Help Desk <15.2 - RCE
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.
CVE-2020-10644 METASPLOIT HIGH ruby WORKING POC
Ignition <8.0.10, <7.9.14 - Info Disclosure
The affected product lacks proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
CVSS 7.5
CVE-2018-18982 METASPLOIT HIGH ruby WORKING POC
Nuuo Cms < 3.3 - SQL Injection
NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution.
CVSS 8.8
CVE-2018-17936 METASPLOIT CRITICAL ruby WORKING POC
Nuuo Cms < 3.3 - Unrestricted File Upload
NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution.
CVSS 9.8
CVE-2014-4872 METASPLOIT ruby WORKING POC
BMC Track-It! 11.3.0.355 - RCE
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
CVE-2015-6922 METASPLOIT CRITICAL ruby WORKING POC
Kaseya Virtual System Administrator < 7.0.0.33 - Authentication Bypass
Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.33, 8.x before 8.0.0.23, 9.0 before 9.0.0.19, and 9.1 before 9.1.0.9 does not properly require authentication, which allows remote attackers to bypass authentication and (1) add an administrative account via crafted request to LocalAuth/setAccount.aspx or (2) write to and execute arbitrary files via a full pathname in the PathData parameter to ConfigTab/uploader.aspx.
CVSS 9.8
CVE-2023-38098 METASPLOIT HIGH ruby WORKING POC
Netgear Prosafe Network Management System - Unrestricted File Upload
NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19720.
CVSS 8.8
CVE-2020-11855 METASPLOIT HIGH ruby WORKING POC
Microfocus Operation Bridge Reporter - Incorrect Permission Assignment
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges.
CVSS 7.8