Spencer McIntyre

131 exploits, active since Mar 1998
CVE-2020-0796 METASPLOIT CRITICAL ruby WORKING POC
Windows 10 1903/1909 and Windows Server 1903/1909 - Remote Code Execution via SMBv3 Compression Buffer Overflow
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
CVSS 10.0
CVE-2015-0096 METASPLOIT ruby WORKING POC
Microsoft Windows Shell LNK Code Execution
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."
CVE-2025-21293 METASPLOIT HIGH ruby WORKING POC
Windows 10 1507-24H2 and Windows Server 2012-2016 - Active Directory Domain Services Elevation of Privilege
Active Directory Domain Services Elevation of Privilege Vulnerability
CVSS 8.8
CVE-2022-23277 METASPLOIT HIGH ruby WORKING POC
Microsoft Exchange Server ChainedSerializationBinder RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS 8.8
CVE-2020-0688 METASPLOIT HIGH ruby WORKING POC
Microsoft Exchange Server - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'.
CVSS 8.8
CVE-2008-4037 METASPLOIT ruby WORKING POC
Microsoft Windows - Remote Code Execution via SMB Credential Reflection
Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
CVE-2022-21882 METASPLOIT HIGH ruby WORKING POC
Win32k ConsoleControl Offset Confusion
Win32k Elevation of Privilege Vulnerability
CVSS 7.0
CVE-2017-9769 METASPLOIT CRITICAL ruby WORKING POC
Razer Synapse <2.20.15.1104 - Privilege Escalation
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.
CVSS 9.8
CVE-2015-1701 METASPLOIT HIGH ruby WORKING POC
Microsoft Win32k - Privilege Escalation
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
CVSS 7.8
CVE-2021-21551 METASPLOIT HIGH ruby WORKING POC
Dell DBUtil < 2.3 - Authenticated Insufficient Access Control in IOCTL Handler
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
CVSS 8.8
CVE-2014-4113 METASPLOIT HIGH ruby WORKING POC
Microsoft Windows - Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
CVSS 7.8
CVE-2021-1675 METASPLOIT HIGH ruby WORKING POC
Windows Print Spooler - Remote Code Execution
Windows Print Spooler Remote Code Execution Vulnerability
CVSS 7.8
CVE-2014-1761 METASPLOIT HIGH ruby WORKING POC
Microsoft Word <2013 - Memory Corruption
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.
CVSS 7.8
CVE-2023-38146 METASPLOIT HIGH ruby WORKING POC
Themebleed - Windows 11 Themes Arbitrary Code Execution CVE-2023-38146
Windows Themes Remote Code Execution Vulnerability
CVSS 8.8
CVE-2006-6199 METASPLOIT ruby WORKING POC
BlazeVideo BlazeDVD Standard and Professional 5.0 - Stack-based Buffer Overflow via PLF Playlist Filename
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.
CVE-2021-38647 METASPLOIT CRITICAL ruby WORKING POC
Microsoft OMI Management Interface Authentication Bypass
Open Management Infrastructure Remote Code Execution Vulnerability
CVSS 9.8
CVE-2021-38294 METASPLOIT CRITICAL ruby WORKING POC
Apache Storm <2.2.1, <1.2.4 - Command Injection
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
CVSS 9.8
CVE-2020-13160 METASPLOIT CRITICAL ruby WORKING POC
AnyDesk < 5.5.3 - Remote Code Execution via Format String Vulnerability
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
CVSS 9.8
CVE-2023-0297 METASPLOIT CRITICAL ruby WORKING POC
pyLoad js2py Python Execution
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
CVSS 9.8
CVE-2023-3519 METASPLOIT CRITICAL ruby WORKING POC
Citrix NetScaler ADC and Gateway - Unauthenticated Remote Code Execution
Unauthenticated remote code execution
CVSS 9.8
CVE-2020-8260 METASPLOIT HIGH ruby WORKING POC
Pulse Connect Secure <9.1R9 - Authenticated RCE
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
CVSS 7.2
CVE-2022-44877 METASPLOIT CRITICAL ruby WORKING POC
CWP login.php Unauthenticated RCE
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
CVSS 9.8
CVE-2024-28397 METASPLOIT MEDIUM ruby WORKING POC
pyload-ng js2py - Remote Code Execution
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
CVSS 5.3