b0yd

14 exploits, active since Jul 2016
CVE-2019-1579 NOMISEC HIGH WORKING POC
PAN-OS <7.1.18, <8.0.11-h1, <8.1.2 - RCE
Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code.
63 stars
CVSS 8.1
CVE-2019-7839 NOMISEC CRITICAL WORKING POC
ColdFusion <Update 3 - Command Injection
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
7 stars
CVSS 9.8
CVE-2023-3519 NOMISEC CRITICAL WORKING POC
Unspecified Product <Version> - RCE
Unauthenticated remote code execution
1 star
CVSS 9.8
CVE-2019-14450 NOMISEC CRITICAL WORKING POC
Repetier-Server <0.91 - Path Traversal
A directory traversal vulnerability was discovered in RepetierServer.exe in Repetier-Server 0.8 through 0.91 that allows for the creation of a user controlled XML file at an unintended location. When this is combined with CVE-2019-14451, an attacker can upload an "external command" configuration as a printer configuration, and achieve remote code execution. After exploitation, loading of the external command configuration is dependent on a system reboot or service restart.
1 star
CVSS 9.8
CVE-2017-9830 NOMISEC CRITICAL WORKING POC
Code42 CrashPlan <5.4 - RCE
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because (upon instantiation) it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients.
1 star
CVSS 9.8
CVE-2021-27198 NOMISEC CRITICAL WORKING POC
Visualware Myconnection Server < 11.1a - Unrestricted File Upload
An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system.
CVSS 9.8
CVE-2019-4279 EXPLOITDB CRITICAL ruby WORKING POC
IBM WebSphere App Server <9.0 - RCE
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.
CVSS 9.8
CVE-2016-3962 EXPLOITDB HIGH python WORKING POC
Meinberg IMS-LANTIME - Buffer Overflow
Stack-based buffer overflow in the NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via a crafted parameter in a POST request.
CVSS 7.3
CVE-2018-20735 METASPLOIT HIGH ruby WORKING POC
BMC Patrol Agent < 11.3.01 - Authentication Bypass
An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if the password provided for the given username is correct; it does not verify the permissions of the user on the network. This means if you have PATROL Agent installed on a high value target (domain controller), you can use a low privileged domain user to authenticate with PatrolCli and then connect to the domain controller and run commands as SYSTEM. This means any user on a domain can escalate to domain admin through PATROL Agent. NOTE: the vendor disputes this because they believe it is adequate to prevent this escalation by means of a custom, non-default configuration.
CVSS 7.8
CVE-2017-18044 METASPLOIT CRITICAL ruby WORKING POC
Commvault < 11.0 - OS Command Injection
A Command Injection issue was discovered in ContentStore/Base/CVDataPipe.dll in Commvault before v11 SP6. A certain message parsing function inside the Commvault service does not properly validate the input of an incoming string before passing it to CreateProcess. As a result, a specially crafted message can inject commands that will be executed on the target operating system. Exploitation of this vulnerability does not require authentication and can lead to SYSTEM level privilege on any system running the cvd daemon. This is a different vulnerability than CVE-2017-3195.
CVSS 9.8
CVE-2019-4279 METASPLOIT CRITICAL ruby WORKING POC
IBM WebSphere App Server <9.0 - RCE
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.
CVSS 9.8
CVE-2019-8352 EXPLOITDB CRITICAL ruby WORKING POC
BMC Patrol Agent < 11.3.01 - Hard-coded Credentials
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network.
CVSS 9.8
EIP-2026-118379 EXPLOITDB ruby WORKING POC
Commvault Communications Service (cvd) - Command Injection (Metasploit)
CVE-2016-3989 EXPLOITDB HIGH python WORKING POC
Meinberg IMS-LANTIME - Privilege Escalation
The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote authenticated users to obtain root privileges for writing to unspecified scripts, and consequently obtain sensitive information or modify data, by leveraging access to the nobody account.
CVSS 8.1