Shelby Pace

50 exploits Active since Sep 2015
CVE-2015-10144 METASPLOIT HIGH ruby WORKING POC
Responsive Thumbnail Slider <1.0.1 - Code Injection
The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in the via the image uploader in versions up to 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected sites server using a double extension which may make remote code execution possible.
CVSS 8.8
CVE-2018-10661 METASPLOIT CRITICAL ruby WORKING POC
Axis IP Cameras - Access Control Bypass
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
CVSS 9.8
CVE-2018-10662 METASPLOIT CRITICAL ruby WORKING POC
Axis IP Cameras - Exposed Insecure Interface
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
CVSS 9.8
CVE-2018-10661 EXPLOITDB CRITICAL ruby WORKING POC
Axis IP Cameras - Access Control Bypass
An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.
CVSS 9.8
CVE-2018-10660 EXPLOITDB CRITICAL ruby WORKING POC
Axis IP Cameras - OS Command Injection
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
CVSS 9.8
CVE-2018-9160 METASPLOIT CRITICAL ruby WORKING POC
SickRage < 2018.03.09-1 - Unprotected Credential Exposure via HTTP Response
SickRage before v2018.03.09-1 includes cleartext credentials in HTTP responses.
CVSS 9.8
CVE-2018-0296 METASPLOIT HIGH ruby WORKING POC
Cisco ASA & FTD - Unauthenticated DoS & Info Disclosure via HTTP URL
A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029.
CVSS 7.5
CVE-2010-10012 METASPLOIT HIGH ruby WORKING POC
httpdasm 0.92 - Unauthenticated Path Traversal via URL-Encoded Backslashes
A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal patterns, an attacker can escape the web root and access sensitive files outside of the intended directory.
CVE-2018-10094 METASPLOIT CRITICAL ruby WORKING POC
Dolibarr < 7.0.2 - SQL Injection via Integer Parameter
SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without quotes.
CVSS 9.8
CVE-2018-14058 METASPLOIT MEDIUM ruby WORKING POC
pimcore < 5.3.0 - SQL Injection via REST Web Service API
Pimcore before 5.3.0 allows SQL Injection via the REST web service API.
CVSS 6.5
CVE-2022-43781 METASPLOIT CRITICAL ruby WORKING POC
Bitbucket Server/Data Center - Command Injection
There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system. This vulnerability can be unauthenticated if the Bitbucket Server and Data Center instance has enabled “Allow public signup”.
CVSS 9.8
CVE-2020-2555 METASPLOIT CRITICAL ruby WORKING POC
Oracle Coherence 3.7.1.0/12.1.3.0.0/12.2.1.3-4 - RCE
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS 9.8
CVE-2020-2883 METASPLOIT CRITICAL ruby WORKING POC
Oracle Access Manager unauthenticated Remote Code Execution
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS 9.8
CVE-2021-21300 METASPLOIT HIGH ruby WORKING POC
Git 2.14.2-2.30.0 - Remote Code Execution via Symbolic Link and Clean/Smudge Filter Interaction
Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.
CVSS 8.0
CVE-2019-25224 METASPLOIT CRITICAL ruby WORKING POC
WP Database Backup <5.2 - Command Injection
The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system.
CVSS 9.8
CVE-2018-19276 METASPLOIT CRITICAL ruby WORKING POC
OpenMRS Java Deserialization RCE
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
CVSS 9.8
CVE-2018-1000533 METASPLOIT CRITICAL ruby WORKING POC
GitList <= 0.6.0 - Remote Code Execution via Search Form Input
klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This attack appear to be exploitable via Send POST request using search form. This vulnerability appears to have been fixed in 0.7 after commit 87b8c26b023c3fc37f0796b14bb13710f397b322.
CVSS 9.8
CVE-2023-28128 METASPLOIT HIGH ruby WORKING POC
Ivanti Avalanche < 6.3.4.153 - Unrestricted Upload of File with Dangerous Type
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.
CVSS 7.2
CVE-2018-16858 METASPLOIT HIGH ruby WORKING POC
LibreOffice Macro Python Code Execution
It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.
CVSS 7.8
CVE-2019-9848 METASPLOIT CRITICAL ruby WORKING POC
LibreOffice < 6.2.5 - Remote Code Execution via LibreLogo Python Command Injection
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
CVSS 9.8
CVE-2023-1133 METASPLOIT CRITICAL ruby WORKING POC
Delta Electronics InfraSuite Device Master < 1.0.5 - Remote Code Execution via UDP Deserialization
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code.
CVSS 9.8
CVE-2022-2143 METASPLOIT CRITICAL ruby WORKING POC
Product <Version> - Command Injection
The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.
CVSS 9.8
CVE-2019-0841 METASPLOIT HIGH ruby WORKING POC
Windows AppX Deployment Service - Privilege Escalation
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
CVSS 7.8
CVE-2022-21999 METASPLOIT HIGH ruby WORKING POC
Windows Print Spooler - Privilege Escalation
Windows Print Spooler Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2021-38085 METASPLOIT HIGH ruby WORKING POC
Canon TR150 <3.71.2.10 - Privilege Escalation
The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges. This occurs because the driver drops a world-writable DLL into a CanonBJ %PROGRAMDATA% location that gets loaded by printisolationhost (a system process).
CVSS 7.8