agix

10 exploits Active since Oct 2013
CVE-2016-4010 METASPLOIT CRITICAL ruby WORKING POC
Magento < 2.0.6 - Unauthenticated PHP Object Injection via Serialized Shopping Cart Data
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
CVSS 9.8
CVE-2013-1892 METASPLOIT ruby WORKING POC
MongoDB < 2.0.9 and 2.2.x < 2.2.4 - Authenticated Remote Code Execution via nativeHelper Function
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
CVE-2016-4010 EXPLOITDB CRITICAL php WORKING POC
Magento < 2.0.6 - Unauthenticated PHP Object Injection via Serialized Shopping Cart Data
Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.
CVSS 9.8
CVE-2013-1892 EXPLOITDB ruby WORKING POC
MongoDB < 2.0.9 and 2.2.x < 2.2.4 - Authenticated Remote Code Execution via nativeHelper Function
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
CVE-2013-1892 EXPLOITDB text WORKING POC
MongoDB < 2.0.9 and 2.2.x < 2.2.4 - Authenticated Remote Code Execution via nativeHelper Function
MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMonkey, which allows remote authenticated users to cause a denial of service (invalid memory access and server crash) or execute arbitrary code via a crafted memory address in the first argument.
EIP-2026-103234 EXPLOITDB text WORKING POC
UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Root Remote Code Execution
CVE-2017-8051 EXPLOITDB CRITICAL bash WORKING POC
Tenable Appliance 3.5-4.4.0 - OS Command Injection via tns_appliance_session_user Parameter
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.
CVSS 9.8
EIP-2026-103141 EXPLOITDB ruby WORKING POC
HP System Management - Anonymous Access Code Execution (Metasploit)
EIP-2026-103160 EXPLOITDB python WORKING POC
Logpoint < 5.6.4 - Root Remote Code Execution
EIP-2026-102868 EXPLOITDB ruby WORKING POC
HP System Management Homepage - Local Privilege Escalation (Metasploit)