aushack

88 exploits Active since May 1999
CVE-2009-20011 METASPLOIT CRITICAL ruby WORKING POC
ContentKeeper Web Appliance <125.10 - RCE
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 are vulnerable to remote command execution due to insecure handling of file uploads via the mimencode CGI utility. The vulnerability allows unauthenticated attackers to upload and execute arbitrary scripts as the Apache user. Additionally, the exploit can optionally escalate privileges by abusing insecure PATH usage in the benetool binary, resulting in root-level access if successful.
CVE-2017-16894 METASPLOIT HIGH ruby WORKING POC
Laravel <5.5.21 - Information Disclosure
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.
CVSS 7.5
CVE-2004-1389 METASPLOIT ruby WORKING POC
Veritas NetBackup 3.4-4.5 and 5.0-5.1 - Remote Code Execution via bpjava-susvc Process
Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature.
CVE-2007-4560 METASPLOIT ruby WORKING POC
ClamAV < 0.91.2 - Remote Code Execution via Shell Metacharacters in Sendmail Recipient Field
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
CVE-2009-20010 METASPLOIT CRITICAL ruby WORKING POC
Dogfood CRM < 2.0.10 - Unauthenticated Remote Command Execution via spell.php data Parameter
Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by the underlying shell without adequate escaping. This allows attackers to inject arbitrary shell commands and execute them on the server. The flaw is exploitable without authentication and was discovered by researcher LSO.
CVE-2008-3922 METASPLOIT ruby WORKING POC
AWStats Totals 1.0-1.14 - Remote Code Execution via Sort Parameter
awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.
CVE-2005-2733 METASPLOIT ruby WORKING POC
Simple PHP Blog - Remote Code Execution via Unrestricted File Upload
upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code.
CVE-2005-2086 METASPLOIT ruby WORKING POC
phpBB <= 2.0.15 - Remote File Inclusion in viewtopic.php
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.
CVE-1999-1053 METASPLOIT ruby WORKING POC
Apache HTTP Server - Remote Command Execution via SSI Closing Sequence Bypass
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
CVE-2001-0311 METASPLOIT ruby WORKING POC
HP OmniBackII <A.03.50 - Privilege Escalation
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.
CVE-2001-0414 METASPLOIT ruby WORKING POC
ntpd < 4.0.99k - Buffer Overflow via Long readvar Argument
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
CVE-2005-0581 METASPLOIT ruby WORKING POC
CA License Client and Server 0.1.0.15 - Multiple Buffer Overflow via GCR Request and GETCONFIG Packet
Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format.
CVE-2006-5156 METASPLOIT ruby WORKING POC
McAfee ePolicy Orchestrator < 3.5.0.720 and ProtectionPilot < 1.1.1.126 - Remote Code Execution via Long Source Header
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.
CVE-2002-1120 METASPLOIT ruby WORKING POC
Savant Web Server < 3.1 - Remote Code Execution via Long HTTP GET Request
Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
CVE-2004-2086 METASPLOIT ruby WORKING POC
Sambar Server <6.0 - Buffer Overflow
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.
CVE-2004-0313 METASPLOIT ruby WORKING POC
PSOProxy 0.91 - Buffer Overflow via Long HTTP Request
Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request, as demonstrated using a long (1) GET argument or (2) method name.
CVE-2002-2268 METASPLOIT ruby WORKING POC
Webster HTTP Server - Remote Code Execution via Long URL
Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.
CVE-2007-5067 METASPLOIT ruby WORKING POC
iMatix Xitami Web Server 2.5c2 - Remote Code Execution via Long If-Modified-Since Header
Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modified-Since header to (1) xigui32.exe or (2) xitami.exe.
CVE-2004-2416 METASPLOIT ruby WORKING POC
CCProxy - Buffer Overflow via Long HTTP GET Request
Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request.
CVE-2006-2926 METASPLOIT ruby WORKING POC
Qbik WinGate 6.1.1.1077 - Buffer Overflow
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.
CVE-2010-1549 METASPLOIT ruby WORKING POC
HP LoadRunner < 9.50 and Performance Center < 9.50 - Remote Code Execution
Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2004-1317 METASPLOIT ruby WORKING POC
Netcat for Windows 1.1 - Buffer Overflow
Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command.
CVE-2008-4449 METASPLOIT ruby WORKING POC
mIRC 6.34 - Remote Code Execution via Long Hostname in PRIVMSG
Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.
CVE-2005-0581 METASPLOIT ruby WORKING POC
CA License Client and Server 0.1.0.15 - Multiple Buffer Overflow via GCR Request and GETCONFIG Packet
Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format.
CVE-2000-0665 METASPLOIT ruby WORKING POC
GAMSoft TelSrv <= 1.5 - Denial of Service via Long Username
GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username.