Spencer McIntyre

131 exploits Active since Mar 1998
CVE-2020-28653 METASPLOIT CRITICAL ruby WORKING POC
ManageEngine OpManager < 125203 - Remote Code Execution via Smart Update Manager Servlet
Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet.
CVSS 9.8
CVE-2016-10033 METASPLOIT CRITICAL ruby WORKING POC
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS 9.8
CVE-2024-2044 METASPLOIT CRITICAL ruby WORKING POC
pgAdmin4 < 8.4 - Unauthenticated Path Traversal and Remote Code Execution via Session Deserialization
pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.
CVSS 9.9
CVE-2023-48788 METASPLOIT CRITICAL ruby WORKING POC
Fortinet Forticlient Endpoint Management Server - SQL Injection
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.
CVSS 9.8
CVE-2021-31181 METASPLOIT HIGH ruby WORKING POC
Microsoft SharePoint - Remote Code Execution via Unsafe Control and ViewState
Microsoft SharePoint Remote Code Execution Vulnerability
CVSS 8.8
CVE-2022-41082 METASPLOIT HIGH ruby WORKING POC
Microsoft Exchange Server - Remote Code Execution via Untrusted Data Deserialization
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS 8.0
CVE-2020-1147 METASPLOIT HIGH ruby WORKING POC
.NET Framework, SharePoint Server, and Visual Studio - Remote Code Execution via XML Input Deserialization
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
CVSS 7.8
CVE-2020-0646 METASPLOIT CRITICAL ruby WORKING POC
.NET Framework - Remote Code Execution via XML Injection
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.
CVSS 9.8
CVE-2017-11317 METASPLOIT CRITICAL ruby WORKING POC
Telerik UI for ASP.NET AJAX < 2017.1.118 - Remote Code Execution via Weak RadAsyncUpload Encryption
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
CVSS 9.8
CVE-2024-1800 METASPLOIT CRITICAL ruby WORKING POC
Progress Telerik Report Server < 10.0.24.130 - Remote Code Execution via Insecure Deserialization
In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.
CVSS 9.9
CVE-2020-17132 METASPLOIT CRITICAL ruby WORKING POC
Microsoft Exchange Server - Remote Code Execution
Microsoft Exchange Remote Code Execution Vulnerability
CVSS 9.1
CVE-2020-13166 METASPLOIT CRITICAL ruby WORKING POC
MyLittleAdmin 3.8 - Unauthenticated Remote Code Execution via Hardcoded MachineKey
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.
CVSS 9.8
CVE-2021-34523 METASPLOIT CRITICAL ruby WORKING POC
Microsoft Exchange Server - Privilege Escalation
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS 9.0
CVE-2021-22652 METASPLOIT CRITICAL ruby WORKING POC
Advantech iView <5.7.03.6112 - Code Execution
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
CVSS 9.8
CVE-2020-0618 METASPLOIT HIGH ruby WORKING POC
Microsoft SQL Server Reporting Services - Remote Code Execution via ViewState Deserialization
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
CVSS 8.8
CVE-2022-38108 METASPLOIT HIGH ruby WORKING POC
SolarWinds Platform - Code Injection
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVSS 7.2
CVE-2013-2492 METASPLOIT ruby WORKING POC
Firebird <2.1.5-2.5.3 - Buffer Overflow
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.
CVE-2013-3563 METASPLOIT ruby WORKING POC
Lianja SQL Server < 1.0 - Stack-Based Buffer Overflow via TCP Port 8001
Stack-based buffer overflow in db_netserver in Lianja SQL Server before 1.0.0RC5.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string to TCP port 8001.
CVE-2023-28324 METASPLOIT CRITICAL ruby WORKING POC
Ivanti Endpoint Manager < 2022 - Privilege Escalation or Remote Code Execution
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.
CVSS 9.8
CVE-2014-6271 METASPLOIT CRITICAL ruby WORKING POC
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS 9.8
CVE-1999-0502 METASPLOIT ruby WORKING POC
HP-UX - Unauthenticated Remote Login via Default Null Password
A Unix account has a default, null, blank, or missing password.
CVE-2023-22527 METASPLOIT CRITICAL ruby WORKING POC
Atlassian Confluence SSTI Injection
A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.
CVSS 9.8
CVE-2021-44228 METASPLOIT CRITICAL ruby WORKING POC
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CVSS 10.0
CVE-2014-4971 METASPLOIT ruby WORKING POC
Microsoft Windows XP SP3 - Privilege Escalation
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted address in an IOCTL call, related to (1) the MQAC.sys driver in the MQ Access Control subsystem and (2) the BthPan.sys driver in the Bluetooth Personal Area Networking subsystem.
CVE-2013-3881 METASPLOIT ruby WORKING POC
Windows 7 SP1 and Windows Server 2008 R2 SP1 - Local Privilege Escalation via Win32k NULL Page
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."