h00die

183 exploits Active since Jul 1997
CVE-2020-16152 NOMISEC CRITICAL WORKING POC
Aerohive NetConfig 10.0r8a LFI and log poisoning to RCE
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.
11 stars
CVSS 9.8
CVE-2023-34468 NOMISEC HIGH WRITEUP
Apache Nifi < 1.22.0 - Code Injection
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
5 stars
CVSS 8.8
CVE-2024-30850 METASPLOIT HIGH ruby WORKING POC
Chaos RAT XSS to RCE
An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the BuildClient function within client_service.go
CVSS 8.8
CVE-2015-8660 EXPLOITDB MEDIUM ruby WORKING POC
Overlayfs Privilege Escalation
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.
CVSS 6.7
CVE-2012-6611 EXPLOITDB CRITICAL ruby WORKING POC
Polycom Hdx System Software < 3.0.5 - Hard-coded Credentials
An issue was discovered in Polycom Web Management Interface G3/HDX 8000 HD with Durango 2.6.0 4740 software and embedded Polycom Linux Development Platform 2.14.g3. It has a blank administrative password by default, and can be successfully used without setting this password.
CVSS 9.8
CVE-2017-12478 EXPLOITDB CRITICAL ruby WORKING POC
Unitrends UEB http api remote code execution
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.
CVSS 9.8
CVE-2021-32706 METASPLOIT HIGH ruby WORKING POC
Pi-hole Web interface <5.5.1 - Code Injection
Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the `validDomainWildcard` preg_match filter allows a malicious character through that can be used to execute code, list directories, and overwrite sensitive files. The issue lies in the fact that one of the periods is not escaped, allowing any character to be used in its place. A patch for this vulnerability was released in version 5.5.1.
CVSS 7.6
CVE-2023-7028 METASPLOIT CRITICAL ruby WORKING POC
GitLab Password Reset Account Takeover
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
CVSS 10.0
CVE-2023-6875 METASPLOIT CRITICAL ruby WORKING POC
Wordpress POST SMTP Account Takeover
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.
CVSS 9.8
CVE-2017-16249 METASPLOIT HIGH ruby WORKING POC
Debut embedded http server - DoS
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.
CVSS 7.5
CVE-2021-4374 METASPLOIT CRITICAL ruby WORKING POC
WordPress Automatic <3.53.2 - Info Disclosure
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the process_form.php file. This makes it possible for unauthenticated attackers to arbitrarily update the settings of a vulnerable site and ultimately compromise the entire site.
CVSS 9.1
CVE-2022-0441 METASPLOIT CRITICAL ruby WORKING POC
MasterStudy LMS <2.7.6 - Info Disclosure
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin
CVSS 9.8
CVE-2019-18818 METASPLOIT CRITICAL ruby WORKING POC
Strapi CMS Unauthenticated Password Reset
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
CVSS 9.8
CVE-2023-28121 METASPLOIT CRITICAL ruby WORKING POC
Automattic Woocommerce Payments < 4.8.2 - Authentication Bypass
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
CVSS 9.8
CVE-2021-43798 METASPLOIT HIGH ruby WORKING POC
Grafana Plugin Path Traversal
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
CVSS 7.5
CVE-2018-25113 METASPLOIT ruby WORKING POC
Dicoogle PACS Web Server <2.5.0 - Path Traversal
An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the UID parameter. Successful exploitation can reveal sensitive files accessible by the web server user.
CVE-2020-11530 METASPLOIT CRITICAL ruby WORKING POC
Idangero Chop Slider - SQL Injection
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
CVSS 9.8
CVE-2019-9960 METASPLOIT CRITICAL ruby WORKING POC
LimeSurvey Zip Path Traversals
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path.
CVSS 9.8
CVE-2021-24946 METASPLOIT CRITICAL ruby WORKING POC
WordPress Modern Events Calendar SQLi Scanner
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue
CVSS 9.8
CVE-2023-23488 METASPLOIT CRITICAL ruby WORKING POC
Strangerstudios Paid Memberships Pro < 2.9.8 - SQL Injection
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
CVSS 9.8
CVE-2022-24716 METASPLOIT HIGH ruby WORKING POC
Icinga Web 2 <2.9.5 - Info Disclosure
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.
CVSS 7.5
CVE-2021-24862 METASPLOIT HIGH ruby WORKING POC
Wordpress RegistrationMagic task_ids Authenticated SQLi
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
CVSS 7.2
CVE-2023-23752 METASPLOIT MEDIUM ruby WORKING POC
Joomla! < 4.2.8 - Improper Access Control
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
CVSS 5.3
CVE-2021-24931 METASPLOIT CRITICAL ruby WORKING POC
Wordpress Secure Copy Content Protection and Content Locking sccp_id Unauthenticated SQLi
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.
CVSS 9.8
CVE-1999-0502 METASPLOIT ruby SCANNER
Unix - Info Disclosure
A Unix account has a default, null, blank, or missing password.