Sina Kheirkhah

29 exploits, active since Aug 2021
CVE-2025-52691 METASPLOIT CRITICAL ruby WORKING POC
SmarterMail < 100.0.9413 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
CVSS 10.0
CVE-2025-61882 METASPLOIT CRITICAL ruby WORKING POC
Oracle Concurrent Processing 12.2.3-12.2.14 - Unauthenticated Takeover
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS 9.8
CVE-2023-20887 METASPLOIT CRITICAL ruby WORKING POC
VMware Aria Operations for Networks (vRealize Network Insight) pre-authenticated RCE
Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution.
CVSS 9.8
CVE-2021-39144 METASPLOIT HIGH ruby WORKING POC
XStream < 1.4.18 - Remote Code Execution via Untrusted Data Deserialization
XStream is a simple library to serialize objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker who has sufficient rights to execute commands on the host solely by manipulating the processed input stream. Users who followed the recommendation to set up XStream's security framework with a whitelist limited to the minimal required types are not affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot be secured for general-purpose use.
CVSS 8.5