Spencer McIntyre

128 exploits Active since Mar 1998
CVE-2025-21293 METASPLOIT HIGH ruby WORKING POC
Microsoft Windows 10 1507 < 10.0.10240.20890 - Improper Access Control
Active Directory Domain Services Elevation of Privilege Vulnerability
CVSS 8.8
CVE-2013-3881 METASPLOIT ruby WORKING POC
Microsoft Windows 7 - Resource Management Error
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges via a crafted application, aka "Win32k NULL Page Vulnerability."
CVE-2020-0796 METASPLOIT CRITICAL ruby WORKING POC
Microsoft Windows 10 1903 - Memory Corruption
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'.
CVSS 10.0
CVE-2015-0096 METASPLOIT ruby WORKING POC
Microsoft Windows Shell LNK Code Execution
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."
CVE-2022-21882 METASPLOIT HIGH ruby WORKING POC
Win32k ConsoleControl Offset Confusion
Win32k Elevation of Privilege Vulnerability
CVSS 7.0
CVE-2017-9769 METASPLOIT CRITICAL ruby WORKING POC
Razer Synapse <2.20.15.1104 - Privilege Escalation
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.
CVSS 9.8
CVE-2015-1701 METASPLOIT HIGH ruby WORKING POC
Microsoft Win32k - Privilege Escalation
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
CVSS 7.8
CVE-2021-21551 METASPLOIT HIGH ruby WORKING POC
Dell Dbutil < 2.3 - Denial of Service
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
CVSS 8.8
CVE-2014-4113 METASPLOIT HIGH ruby WORKING POC
Microsoft Windows - Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
CVSS 7.8
CVE-2020-13160 METASPLOIT CRITICAL ruby WORKING POC
AnyDesk <5.5.3 - RCE
AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution.
CVSS 9.8
CVE-2021-1675 METASPLOIT HIGH ruby WORKING POC
Microsoft Windows 10 1507 < 10.0.10240.18967 - Remote Code Execution
Windows Print Spooler Remote Code Execution Vulnerability
CVSS 7.8
CVE-2014-1761 METASPLOIT HIGH ruby WORKING POC
Microsoft Word <2013 - Memory Corruption
Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, as exploited in the wild in March 2014.
CVSS 7.8
CVE-2023-38146 METASPLOIT HIGH ruby WORKING POC
Themebleed- Windows 11 Themes Arbitrary Code Execution CVE-2023-38146
Windows Themes Remote Code Execution Vulnerability
CVSS 8.8
CVE-2006-6199 METASPLOIT ruby WORKING POC
Blazevideo Blaze Dvd - Memory Corruption
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.
CVE-2015-0096 METASPLOIT ruby WORKING POC
Microsoft Windows Shell LNK Code Execution
Untrusted search path vulnerability in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, leading to DLL loading during Windows Explorer access to the icon of a crafted shortcut, aka "DLL Planting Remote Code Execution Vulnerability."
CVE-2021-38647 METASPLOIT CRITICAL ruby WORKING POC
Microsoft OMI Management Interface Authentication Bypass
Open Management Infrastructure Remote Code Execution Vulnerability
CVSS 9.8
CVE-2021-38294 METASPLOIT CRITICAL ruby WORKING POC
Apache Storm <2.2.1, <1.2.4 - Command Injection
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
CVSS 9.8
CVE-2023-0297 METASPLOIT CRITICAL ruby WORKING POC
pyLoad js2py Python Execution
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
CVSS 9.8
CVE-2023-3519 METASPLOIT CRITICAL ruby WORKING POC
Unspecified Product <Version> - RCE
Unauthenticated remote code execution
CVSS 9.8
CVE-2020-8260 METASPLOIT HIGH ruby WORKING POC
Pulse Connect Secure <9.1R9 - Authenticated RCE
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
CVSS 7.2
CVE-2022-44877 METASPLOIT CRITICAL ruby WORKING POC
CWP login.php Unauthenticated RCE
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
CVSS 9.8
CVE-2024-28397 METASPLOIT MEDIUM ruby WORKING POC
pyload-ng js2py - Remote Code Execution
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
CVSS 5.3
CVE-2023-39265 METASPLOIT LOW ruby WORKING POC
Apache Superset < 2.1.0 - Improper Input Validation
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.
CVSS 3.8
CVE-2021-44228 METASPLOIT CRITICAL ruby WORKING POC
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CVSS 10.0
CVE-2023-47218 METASPLOIT MEDIUM ruby WORKING POC
Qnap Qts < 5.1.5.2645 - Command Injection
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later
CVSS 5.8