Photubias

20 exploits, active since Jan 2015
CVE-2021-21972 NOMISEC CRITICAL WORKING POC
VMware Cloud Foundation < 3.10.1.2 - Path Traversal
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
20 stars
CVSS 9.8
CVE-2020-0688 NOMISEC HIGH WORKING POC
Microsoft Exchange Server - Authentication Bypass
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
2 stars
CVSS 8.8
CVE-2024-38063 NOMISEC CRITICAL WORKING POC
Windows TCP/IP < - RCE
Windows TCP/IP Remote Code Execution Vulnerability
CVSS 9.8
CVE-2024-38063 NOMISEC CRITICAL WORKING POC
Windows TCP/IP < - RCE
Windows TCP/IP Remote Code Execution Vulnerability
CVSS 9.8
CVE-2019-25470 EXPLOITDB HIGH python WORKING POC
eWON Firmware 12.2-13.0 - Auth Bypass
eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentials and a crafted wsdList parameter to extract encrypted passwords for all users, which can be decrypted using a hardcoded XOR key.
CVSS 7.5
CVE-2016-8371 EXPLOITDB HIGH python WORKING POC
Phoenix Contact ILC PLCs - Info Disclosure
The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.
CVSS 7.3
CVE-2016-8380 EXPLOITDB HIGH python WORKING POC
Phoenix Contact ILC PLCs - Info Disclosure
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.
CVSS 7.3
CVE-2020-0688 EXPLOITDB HIGH python WORKING POC
Microsoft Exchange Server - Authentication Bypass
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
CVSS 8.8
EIP-2026-116551 EXPLOITDB python WORKING POC
Windows TCP/IP - RCE Checker and Denial of Service
EIP-2026-113009 EXPLOITDB python WORKING POC
vBulletin 5.6.1 - 'nodeId' SQL Injection
CVE-2021-21972 EXPLOITDB CRITICAL python WORKING POC
VMware Cloud Foundation < 3.10.1.2 - Path Traversal
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
CVSS 9.8
CVE-2020-3952 EXPLOITDB CRITICAL text WORKING POC
VMware vCenter Server vmdir Information Disclosure
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
CVSS 9.8
CVE-2020-11108 EXPLOITDB HIGH python WORKING POC
Pi-Hole heisenbergCompensator Blocklist OS Command Execution
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
CVSS 8.8
CVE-2021-35464 EXPLOITDB CRITICAL python WORKING POC
ForgeRock AM <7.0 - Code Injection
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier.
CVSS 9.8
CVE-2021-2109 EXPLOITDB HIGH python WORKING POC
Oracle WebLogic Server <14.1.1.0.0 - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVSS 7.2
CVE-2016-8366 EXPLOITDB HIGH python WORKING POC
Phoenix Contact ILC PLC - Info Disclosure
Webvisit in Phoenix Contact ILC PLCs offers a password macro to protect HMI pages on the PLC against casual or coincidental opening of HMI pages by the user. The password macro can be configured in a way that the password is stored and transferred in clear text.
CVSS 7.3
CVE-2017-6026 EXPLOITDB CRITICAL python WORKING POC
Schneider Electric Modicon PLCs <4.0.5.11 - Info Disclosure
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised.
CVSS 9.1
EIP-2026-101553 EXPLOITDB python WORKING POC
Beckhoff CX9020 CPU Module - Remote Code Execution
CVE-2014-9195 EXPLOITDB python WORKING POC
Phoenix Contact ProConOs & MultiProg - RCE
Phoenix Contact ProConOs and MultiProg do not require authentication, which allows remote attackers to execute arbitrary commands via protocol-compliant traffic.
CVE-2018-1207 EXPLOITDB CRITICAL python WORKING POC
Dell EMC iDRAC7 < 2.52.52.52 - Code Injection
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.
CVSS 9.8