h00die

191 exploits Active since Jul 1997
CVE-2020-11108 METASPLOIT HIGH ruby WORKING POC
Pi-Hole heisenbergCompensator Blocklist OS Command Execution
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
CVSS 8.8
CVE-2025-34087 METASPLOIT HIGH ruby WORKING POC
Pi-hole <3.3 - Command Injection
An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When adding a domain to the allowlist via the web interface, the domain parameter is not properly sanitized, allowing an attacker to append OS commands to the domain string. These commands are executed on the underlying operating system with the privileges of the Pi-hole service user. This behavior was present in the legacy AdminLTE interface and has since been patched in later versions.
CVSS 8.8
CVE-2020-8816 METASPLOIT HIGH ruby WORKING POC
Pi-hole Web <4.3.2 - RCE
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
CVSS 7.2
CVE-2023-46214 METASPLOIT HIGH ruby WORKING POC
Splunk Enterprise <9.0.7-9.1.2 - RCE
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
CVSS 8.0
CVE-2016-15043 METASPLOIT CRITICAL ruby WORKING POC
WP Mobile Detector <3.5 - File Upload
The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
CVSS 9.8
CVE-2021-42258 METASPLOIT CRITICAL ruby WORKING POC
BQE Billquick Web Suite < 22.0.9.1 - SQL Injection
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.
CVSS 9.8
CVE-2023-33246 METASPLOIT CRITICAL ruby WORKING POC
Apache RocketMQ update config RCE
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.  To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
CVSS 9.8
CVE-2021-42362 METASPLOIT HIGH ruby WORKING POC
Wordpress Popular Posts < 5.3.2 - Unrestricted File Upload
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.
CVSS 8.8
CVE-2021-21809 METASPLOIT CRITICAL ruby WORKING POC
Moodle Authenticated Spelling Binary RCE
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
CVSS 9.1
CVE-2020-36847 METASPLOIT CRITICAL ruby WORKING POC
Simple-File-List Plugin <4.2.2 - RCE
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server.
CVSS 9.8
CVE-2025-34077 METASPLOIT CRITICAL ruby WORKING POC
WordPress Pie Register <3.7.1.4 - Auth Bypass
An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.
CVE-2016-6253 METASPLOIT HIGH ruby WORKING POC
NetBSD <7.0 - Local Privilege Escalation
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
CVSS 7.8
CVE-2022-41034 METASPLOIT HIGH ruby WORKING POC
Visual Studio Code - RCE
Visual Studio Code Remote Code Execution Vulnerability
CVSS 7.8
CVE-2019-11631 METASPLOIT ruby WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
CVE-2020-35847 METASPLOIT CRITICAL ruby WORKING POC
Cockpit CMS NoSQLi to RCE
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
CVSS 9.8
CVE-2020-14321 METASPLOIT HIGH ruby WORKING POC
Moodle Teacher Enrollment Privilege Escalation to RCE
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
CVSS 8.8
CVE-2020-36849 METASPLOIT CRITICAL ruby WORKING POC
AIT CSV Import/Export <3.0.3 - RCE
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
CVSS 9.8
CVE-2024-34069 METASPLOIT HIGH ruby WORKING POC
Werkzeug - Code Injection
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.
CVSS 7.5
CVE-2021-39352 METASPLOIT HIGH ruby WORKING POC
Wordpress Plugin Catch Themes Demo Import RCE
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
CVSS 7.2
CVE-2022-1329 METASPLOIT HIGH ruby WORKING POC
Elementor Website Builder < 3.6.2 - Missing Authorization
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
CVSS 8.8
CVE-2017-1000486 METASPLOIT CRITICAL ruby WORKING POC
Primefaces Remote Code Execution Exploit
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
CVSS 9.8
CVE-2020-12800 METASPLOIT CRITICAL ruby WORKING POC
Wordpress Drag and Drop Multi File Uploader RCE
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
CVSS 9.8
CVE-2016-10225 METASPLOIT HIGH ruby WORKING POC
Allwinner Linux-3.4-sunxi - Access Control
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.
CVSS 7.8
CVE-2020-5741 METASPLOIT HIGH ruby WORKING POC
Plex Media Server - Code Injection
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
CVSS 7.2
CVE-2020-7356 METASPLOIT CRITICAL ruby WORKING POC
Cayintech Xpost - SQL Injection
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.
CVSS 10.0