Podalirius

17 exploits, active since Sep 2018
CVE-2021-43008 NOMISEC HIGH WORKING POC
Adminer 1.12.0-4.6.2 - Arbitrary File Read via Remote MySQL Database Connection
Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in version 4.6.3) allows an attacker to achieve Arbitrary File Read on the remote server by requesting the Adminer to connect to a remote MySQL database.
88 stars
CVSS 7.5
CVE-2022-21907 NOMISEC CRITICAL WORKING POC
Windows 10, 11, and Server - Remote Code Execution
HTTP Protocol Stack Remote Code Execution Vulnerability
83 stars
CVSS 9.8
CVE-2020-14144 NOMISEC HIGH WORKING POC
Gitea 1.1.0-1.12.5 - Authenticated Remote Code Execution via Git Hook Script Injection
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states "This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides."
30 stars
CVSS 7.2
CVE-2018-16763 NOMISEC CRITICAL WORKING POC
FUEL CMS < 1.4.2 - Unauthenticated Remote Code Execution via Pages Filter or Preview Data Parameter
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
23 stars
CVSS 9.8
CVE-2016-10956 NOMISEC HIGH WORKING POC
mail-masta 1.0 - Local File Inclusion in count_of_send.php and csvexport.php
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
20 stars
CVSS 7.5
CVE-2022-30780 NOMISEC HIGH WORKING POC
lighttpd 1.4.56-1.4.58 - Denial of Service via Large Header Processing
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.
17 stars
CVSS 7.5
CVE-2022-26159 NOMISEC MEDIUM WORKING POC
Ametys CMS <4.5.0 - Info Disclosure
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.
14 stars
CVSS 5.3
CVE-2021-31800 NOMISEC CRITICAL WORKING POC
Impacket < 0.9.22 - Path Traversal and Arbitrary File Write via SMB Server
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.
10 stars
CVSS 9.8
CVE-2025-26529 NOMISEC HIGH WORKING POC
Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - Stored Cross-Site Scripting in Site Administration Live Log
Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.
9 stars
CVSS 8.3
CVE-2020-8813 NOMISEC HIGH WORKING POC
Cacti 1.2.8 - Authenticated Remote Code Execution via Cookie Shell Metacharacter Injection
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.
7 stars
CVSS 8.8
CVE-2022-36446 NOMISEC CRITICAL WORKING POC
Webmin < 1.997 - Remote Code Execution via Unescaped UI Command
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command.
CVSS 9.8
CVE-2022-26159 WRITEUP MEDIUM WORKING POC
Ametys CMS <4.5.0 - Info Disclosure
The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.
CVSS 5.3
CVE-2016-10956 INTHEWILD HIGH WORKING POC
mail-masta 1.0 - Local File Inclusion in count_of_send.php and csvexport.php
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
CVSS 7.5
CVE-2020-15867 METASPLOIT HIGH ruby WORKING POC
Gogs 0.5.5-0.12.2 - Authenticated Remote Code Execution via Git Hook Feature
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in the UI, it could be considered a "Product UI does not Warn User of Unsafe Actions" issue.
CVSS 7.2
CVE-2020-14144 METASPLOIT HIGH ruby WORKING POC
Gitea 1.1.0-1.12.5 - Authenticated Remote Code Execution via Git Hook Script Injection
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states "This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides."
CVSS 7.2
EIP-2026-104263 EXPLOITDB python WORKING POC
Gitea 1.12.5 - Remote Code Execution (Authenticated)
CVE-2020-1147 EXPLOITDB HIGH python WORKING POC
.NET Framework, SharePoint Server, and Visual Studio - Remote Code Execution via XML Input Deserialization
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
CVSS 7.8