h00die

191 exploits Active since Jul 1997
CVE-2022-24716 METASPLOIT HIGH ruby WORKING POC
Icinga Web 2 <2.9.5 - Info Disclosure
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.
CVSS 7.5
CVE-2021-24931 METASPLOIT CRITICAL ruby WORKING POC
Wordpress Secure Copy Content Protection and Content Locking sccp_id Unauthenticated SQLi
The Secure Copy Content Protection and Content Locking WordPress plugin before 2.8.2 does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an SQL injection.
CVSS 9.8
CVE-1999-0502 METASPLOIT ruby SCANNER
Unix - Info Disclosure
A Unix account has a default, null, blank, or missing password.
CVE-2021-39327 METASPLOIT MEDIUM ruby WORKING POC
Wordpress BulletProof Security Backup Disclosure
The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
CVSS 5.3
CVE-2021-24862 METASPLOIT HIGH ruby WORKING POC
Wordpress RegistrationMagic task_ids Authenticated SQLi
The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue
CVSS 7.2
CVE-2020-11530 METASPLOIT CRITICAL ruby WORKING POC
Idangero Chop Slider - SQL Injection
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
CVSS 9.8
CVE-2014-3566 METASPLOIT LOW ruby SCANNER
SSL/TLS Version Detection
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVSS 3.4
CVE-2025-47608 METASPLOIT CRITICAL ruby WORKING POC
sonalsinha21 Recover abandoned cart for WooCommerce <2.5 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sonalsinha21 Recover abandoned cart for WooCommerce recover-wc-abandoned-cart allows SQL Injection.This issue affects Recover abandoned cart for WooCommerce: from n/a through <= 2.5.
CVSS 9.3
CVE-2019-20361 METASPLOIT CRITICAL ruby WORKING POC
Icegram Email Subscribers & Newsletters < 4.3.1 - SQL Injection
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
CVSS 9.8
CVE-2020-27615 METASPLOIT CRITICAL ruby WORKING POC
WordPress <1.6.4 - SQL Injection/XSS
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.
CVSS 9.8
CVE-2023-33246 METASPLOIT CRITICAL ruby SCANNER
Apache RocketMQ update config RCE
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.  To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
CVSS 9.8
CVE-2025-34098 METASPLOIT HIGH ruby WORKING POC
Riverbed SteelHead VCX <9.6.0a - Path Traversal
A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter expressions to the log_filter endpoint using the filterStr parameter. This input is processed by a backend parser that permits execution of file expansion syntax, allowing the attacker to retrieve arbitrary system files via the log viewing interface.
CVE-2021-24917 METASPLOIT HIGH ruby WORKING POC
WPS Hide Login <1.9.1 - Info Disclosure
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.
CVSS 7.5
CVE-2017-9554 METASPLOIT MEDIUM ruby SCANNER
Synology DSM <6.1.3-15152 - Info Disclosure
An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.
CVSS 5.3
CVE-2020-36848 METASPLOIT HIGH ruby WORKING POC
Total Upkeep - WordPress Backup Plugin <1.14.9 - Info Disclosure
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.14.9 via the env-info.php and restore-info.json files. This makes it possible for unauthenticated attackers to find the location of back-up files and subsequently download them.
CVSS 7.5
CVE-2019-6447 METASPLOIT HIGH ruby WORKING POC
Estrongs ES File Explorer File Manager - Missing Authentication
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.
CVSS 8.1
CVE-2017-9798 METASPLOIT HIGH ruby SCANNER
Apache httpd <2.4.28 - Use After Free
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.
CVSS 7.5
CVE-2020-35234 METASPLOIT HIGH ruby WORKING POC
Wp-ecommerce Easy WP SMTP < 1.4.4 - Log Information Exposure
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.
CVSS 7.5
CVE-2023-23488 METASPLOIT CRITICAL ruby WORKING POC
Strangerstudios Paid Memberships Pro < 2.9.8 - SQL Injection
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.
CVSS 9.8
CVE-2022-34877 METASPLOIT MEDIUM ruby WORKING POC
Vicidial - SQL Injection
SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.
CVSS 6.4
CVE-2020-6010 METASPLOIT HIGH ruby WORKING POC
LearnPress <3.2.6.7 - SQL Injection
LearnPress Wordpress plugin version prior and including 3.2.6.7 is vulnerable to SQL Injection
CVSS 8.8
CVE-2021-43798 METASPLOIT HIGH ruby WORKING POC
Grafana Plugin Path Traversal
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
CVSS 7.5
CVE-2021-24946 METASPLOIT CRITICAL ruby WORKING POC
WordPress Modern Events Calendar SQLi Scanner
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users, leading to an unauthenticated SQL injection issue
CVSS 9.8
CVE-2009-2936 METASPLOIT ruby WORKING POC
Varnish - Authentication Bypass
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless.
CVE-2017-6527 METASPLOIT HIGH ruby WORKING POC
Dnatools Dnalims - Path Traversal
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).
CVSS 7.5