aushack

85 exploits Active since May 1999
CVE-2017-16894 EXPLOITDB HIGH ruby WORKING POC
Laravel <5.5.21 - Information Disclosure
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.
CVSS 7.5
CVE-1999-0920 METASPLOIT ruby WORKING POC
University OF Washington Imap - Buffer Overflow
Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.
CVE-2005-3589 METASPLOIT ruby WORKING POC
Filezilla Server Terminal - Buffer Overflow
Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command.
CVE-2006-4313 METASPLOIT ruby WORKING POC
Cisco VPN 3000 series - Multiple Vulns
Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors.
CVE-2009-2367 METASPLOIT CRITICAL ruby WORKING POC
Iomega StorCenter Pro - Info Disclosure
cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the session_id parameter.
CVSS 9.8
CVE-2004-0331 METASPLOIT ruby WORKING POC
Dell OpenManage Web Server 3.4.0 - Buffer Overflow
Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable.
CVE-2008-2938 METASPLOIT ruby WORKING POC
Apache Tomcat < 4.1.37 - Path Traversal
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
CVE-2008-2938 METASPLOIT ruby WORKING POC
Apache Tomcat < 4.1.37 - Path Traversal
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
CVE-2009-10005 METASPLOIT ruby WORKING POC
ContentKeeper Web Appliance <125.10 - Path Traversal
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot.
CVE-2008-2439 METASPLOIT ruby SCANNER
Trend Micro Officescan - Path Traversal
Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information.
CVE-2002-1214 METASPLOIT ruby WORKING POC
Microsoft PPTP Service - Buffer Overflow
Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
CVE-2000-0380 METASPLOIT ruby WORKING POC
Cisco Ios - Improper Input Validation
The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.
CVE-2003-0694 METASPLOIT ruby WORKING POC
Sendmail 8.12.9 - Buffer Overflow
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
CVE-2004-2691 METASPLOIT ruby WORKING POC
3com 3c17205-us - Denial of Service
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.
CVE-2006-6565 METASPLOIT ruby WORKING POC
FileZilla Server <0.9.22 - DoS
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
CVE-2009-1535 METASPLOIT ruby WORKING POC
Microsoft Internet Information Services - Authentication Bypass
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
CVE-2009-1535 METASPLOIT ruby SCANNER
Microsoft Internet Information Services - Authentication Bypass
The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
CVE-2001-0537 METASPLOIT ruby WORKING POC
Cisco Ios - Authentication Bypass
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
CVE-2009-2936 METASPLOIT ruby SCANNER
Varnish - Authentication Bypass
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless.
CVE-2006-2447 METASPLOIT ruby WORKING POC
SpamAssassin <3.1.3 - RCE
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
CVE-2017-16894 METASPLOIT HIGH ruby WORKING POC
Laravel <5.5.21 - Information Disclosure
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.
CVSS 7.5
CVE-2009-20011 METASPLOIT ruby WORKING POC
ContentKeeper Web Appliance <125.10 - RCE
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as the Apache user. Additionally, the exploit can optionally escalate privileges by abusing insecure PATH usage in the benetool binary, resulting in root-level access if successful.
CVE-2006-2237 METASPLOIT ruby WORKING POC
AWStats <6.5 - RCE
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
CVE-2012-10020 METASPLOIT CRITICAL ruby WORKING POC
FoxyPress <0.4.2.1 - File Upload
The FoxyPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadify.php file in versions up to, and including, 0.4.2.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
CVSS 9.8
CVE-2007-4560 METASPLOIT ruby WORKING POC
ClamAV <0.91.2 - RCE
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."