drone

23 exploits Active since Mar 2014
CVE-2013-7392 EXPLOITDB python WORKING POC
Gitlist - Remote Code Execution via Shell Metacharacters in File Name
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.
CVE-2013-7392 EXPLOITDB ruby WORKING POC
Gitlist - Remote Code Execution via Shell Metacharacters in File Name
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.
CVE-2013-6720 EXPLOITDB python WORKING POC
IBM Tealeaf CX 7.x, 8.x-8.6, 8.7-8.8 - Authenticated Path Traversal via Log Parameter
Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as demonstrated using a crafted request for a customer-support file, as demonstrated by a log file.
CVE-2013-10033 EXPLOITDB CRITICAL ruby WORKING POC
Kimai 0.9.2.x - Unauthenticated SQL Injection via db_restore.php dates[] Parameter
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to remote code execution by writing a PHP payload to the web-accessible temporary directory. The vulnerability has been confirmed in versions including 0.9.2.beta, 0.9.2.1294.beta, and 0.9.2.1306-3.
CVE-2013-10033 EXPLOITDB CRITICAL python WORKING POC
Kimai 0.9.2.x - Unauthenticated SQL Injection via db_restore.php dates[] Parameter
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to remote code execution by writing a PHP payload to the web-accessible temporary directory. The vulnerability has been confirmed in versions including 0.9.2.beta, 0.9.2.1294.beta, and 0.9.2.1306-3.
CVE-2014-4511 EXPLOITDB python WORKING POC
Gitlist < 0.5.0 - Remote Code Execution via Shell Metacharacters in URI
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.
CVE-2013-10033 METASPLOIT CRITICAL ruby WORKING POC
Kimai 0.9.2.x - Unauthenticated SQL Injection via db_restore.php dates[] Parameter
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to remote code execution by writing a PHP payload to the web-accessible temporary directory. The vulnerability has been confirmed in versions including 0.9.2.beta, 0.9.2.1294.beta, and 0.9.2.1306-3.
CVE-2014-4511 METASPLOIT ruby WORKING POC
Gitlist < 0.5.0 - Remote Code Execution via Shell Metacharacters in URI
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.
EIP-2026-118724 EXPLOITDB bash WORKING POC
Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Remote Code Execution
EIP-2026-115156 EXPLOITDB python WORKING POC
DjVuLibre 3.5.25.3 - Out of Bounds Access Violation
EIP-2026-110580 EXPLOITDB python WORKING POC
PHD Help Desk 2.12 - SQL Injection
EIP-2026-110283 EXPLOITDB text WRITEUP
OpenDocMan 1.2.6.5 - Persistent Cross-Site Scripting
CVE-2013-6719 EXPLOITDB python WORKING POC
IBM Tealeaf CX 7.x, 8.x-8.6, 8.7-8.8 - Authenticated OS Command Injection via testconn_host Parameter
delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter.
EIP-2026-106524 EXPLOITDB python WORKING POC
Dolibarr ERP/CRM 3.4.0 - 'exportcsv.php?sondage' SQL Injection
EIP-2026-106060 EXPLOITDB python WORKING POC
Collabtive 1.0 - 'manageuser.php' SQL Injection
EIP-2026-105168 EXPLOITDB python WORKING POC
aMSN 0.98.9 Web App - Multiple Vulnerabilities
EIP-2026-103789 EXPLOITDB python WORKING POC
Ntpdc 4.2.6p3 - Local Buffer Overflow
CVE-2014-5023 EXPLOITDB python WORKING POC
Gitter/Gitlist <Repository.php - Command Injection
Repository.php in Gitter, as used in Gitlist, allows remote attackers with commit privileges to execute arbitrary commands via shell metacharacters in a branch name, as demonstrated by a "git checkout -b" command.
CVE-2014-4511 EXPLOITDB ruby WORKING POC
Gitlist < 0.5.0 - Remote Code Execution via Shell Metacharacters in URI
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.
EIP-2026-103161 EXPLOITDB python WORKING POC
LShell 0.9.15 - Remote Code Execution
EIP-2026-102481 EXPLOITDB python WORKING POC
Ganib Project Management 2.3 - SQL Injection
EIP-2026-102517 EXPLOITDB python WORKING POC
OpenEMM-2013 8.10.380.hf13.0.066 - SOAP SQL Injection / Persistent Cross-Site Scripting
CVE-2013-5948 EXPLOITDB text WORKING POC
ASUS RT-AC68U and T-Mobile TM-AC1900 - Authenticated OS Command Injection via Network Analysis Target Field
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).