g0tmi1k

11 exploits Active since Jan 1999
CVE-2018-7600 NOMISEC CRITICAL WORKING POC
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
593 stars
CVSS 9.8
CVE-2008-0166 NOMISEC HIGH WRITEUP
OpenSSL <0.9.8g-9 - Info Disclosure
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.
410 stars
CVSS 7.5
CVE-2018-7600 NOMISEC CRITICAL WORKING POC
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
114 stars
CVSS 9.8
CVE-2018-7600 GITHUB CRITICAL python WORKING POC
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
2 stars
CVSS 9.8
CVE-2018-7600 GITHUB CRITICAL python WORKING POC
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
CVSS 9.8
CVE-2018-7600 NOMISEC CRITICAL WORKING POC
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
CVSS 9.8
CVE-1999-0497 METASPLOIT ruby SCANNER
FTP Server - Info Disclosure
Anonymous FTP is enabled.
CVE-2009-1285 METASPLOIT ruby WORKING POC
phpMyAdmin < 3.1.3.2 - Remote Code Injection via ConfigFile.class.php
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.
CVE-2012-10062 METASPLOIT HIGH ruby WORKING POC
XAMPP < 1.7.3 - Authenticated Remote Code Execution via WebDAV PHP Upload
A vulnerability in XAMPP, developed by Apache Friends, version 1.7.3's default WebDAV configuration allows remote authenticated attackers to upload and execute arbitrary PHP code. The WebDAV service, accessible via /webdav/, accepts HTTP PUT requests using default credentials. This permits attackers to upload a malicious PHP payload and trigger its execution via a subsequent GET request, resulting in remote code execution on the server.
EIP-2026-119525 EXPLOITDB c++ WORKING POC
Fortinet FortiClient 5.2.3 (Windows 10 x86) - Local Privilege Escalation
CVE-2018-7600 EXPLOITDB CRITICAL ruby WORKING POC
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
CVSS 9.8