h00die

198 exploits Active since Jul 1997
CVE-2018-11409 METASPLOIT MEDIUM ruby WORKING POC
Splunk < 7.0.1 - Unauthenticated Information Disclosure via Server Info Endpoint
Splunk through 7.0.1 allows information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
CVSS 5.3
CVE-2021-28164 METASPLOIT MEDIUM ruby WORKING POC
Eclipse Jetty - Information Disclosure
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application.
CVSS 5.3
CVE-2024-30851 METASPLOIT MEDIUM ruby WORKING POC
Jasmin Ransomware Web Server Unauthenticated SQL Injection
Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component.
CVSS 6.5
CVE-2024-23897 METASPLOIT CRITICAL ruby WORKING POC
Jenkins cli Ampersand Replacement Arbitrary File Read
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
CVSS 9.8
CVE-2017-13156 METASPLOIT HIGH ruby WORKING POC
Android Janus APK Signature bypass
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
CVSS 7.8
CVE-2025-34093 METASPLOIT HIGH ruby WORKING POC
Polycom HDX Series - Command Injection
An authenticated command injection vulnerability exists in the Polycom HDX Series command shell interface accessible over Telnet. The lan traceroute command in the devcmds console accepts unsanitized input, allowing attackers to execute arbitrary system commands. By injecting shell metacharacters through the traceroute interface, an attacker can achieve remote code execution under the context of the root user. This flaw affects systems where Telnet access is enabled and either unauthenticated access is allowed or credentials are known.
CVE-2012-6610 METASPLOIT HIGH ruby WORKING POC
Polycom HDX Video End Points < 3.0.4 and UC APL < 2.7.1.j - Authenticated OS Command Injection via Ping Command
Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature.
CVSS 8.8
CVE-2016-15043 METASPLOIT CRITICAL ruby WORKING POC
WP Mobile Detector <3.5 - File Upload
The WP Mobile Detector plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in resize.php file in versions up to, and including, 3.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
CVSS 9.8
CVE-2020-14295 METASPLOIT HIGH ruby WORKING POC
Cacti 1.2.12 - Authenticated SQL Injection via color.php filter Parameter
A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.
CVSS 7.2
CVE-2016-10709 METASPLOIT HIGH ruby WORKING POC
pfSense < 2.2.6 - Authenticated OS Command Injection via Graph Parameter
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
CVSS 8.8
CVE-2020-11108 METASPLOIT HIGH ruby WORKING POC
Pi-Hole heisenbergCompensator Blocklist OS Command Execution
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
CVSS 8.8
CVE-2025-34087 METASPLOIT HIGH ruby WORKING POC
Pi-hole < 3.3 - Authenticated OS Command Injection via Allowlist Domain Parameter
An authenticated command injection vulnerability exists in Pi-hole versions up to 3.3. When adding a domain to the allowlist via the web interface, the domain parameter is not properly sanitized, allowing an attacker to append OS commands to the domain string. These commands are executed on the underlying operating system with the privileges of the Pi-hole service user. This behavior was present in the legacy AdminLTE interface and has since been patched in later versions.
CVSS 8.8
CVE-2020-8816 METASPLOIT HIGH ruby WORKING POC
Pi-hole < 4.3.2 - Authenticated Remote Code Execution via DHCP Static Lease
Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
CVSS 7.2
CVE-2021-42362 METASPLOIT HIGH ruby WORKING POC
WordPress Popular Posts <= 5.3.2 - Authenticated Arbitrary File Upload in Image.php
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.
CVSS 8.8
CVE-2023-33246 METASPLOIT CRITICAL ruby WORKING POC
Apache RocketMQ update config RCE
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.  To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
CVSS 9.8
CVE-2021-39352 METASPLOIT HIGH ruby WORKING POC
Wordpress Plugin Catch Themes Demo Import RCE
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrative privileges to upload malicious files that can be used to achieve remote code execution.
CVSS 7.2
CVE-2021-21809 METASPLOIT CRITICAL ruby WORKING POC
Moodle Authenticated Spelling Binary RCE
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
CVSS 9.1
CVE-2020-12800 METASPLOIT CRITICAL ruby WORKING POC
Wordpress Drag and Drop Multi File Uploader RCE
The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
CVSS 9.8
CVE-2017-1000486 METASPLOIT CRITICAL ruby WORKING POC
Primefaces Remote Code Execution Exploit
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution
CVSS 9.8
CVE-2022-1329 METASPLOIT HIGH ruby WORKING POC
Elementor Website Builder 3.6.0-3.6.2 - Authenticated Remote Code Execution via Onboarding Module AJAX Actions
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
CVSS 8.8
CVE-2024-34069 METASPLOIT HIGH ruby WORKING POC
Werkzeug < 3.0.3 - Remote Code Execution via Debugger PIN Bypass
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.
CVSS 7.5
CVE-2020-36849 METASPLOIT CRITICAL ruby WORKING POC
AIT CSV import/export < 3.0.3 - Unauthenticated Arbitrary File Upload via upload-handler.php
The AIT CSV import/export plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-content/plugins/ait-csv-import-export/admin/upload-handler.php file in versions up to, and including, 3.0.3. This makes it possible for unauthorized attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
CVSS 9.8
CVE-2020-14321 METASPLOIT HIGH ruby WORKING POC
Moodle Teacher Enrollment Privilege Escalation to RCE
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
CVSS 8.8
CVE-2020-36847 METASPLOIT CRITICAL ruby WORKING POC
Simple-File-List Plugin <4.2.2 - RCE
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server.
CVSS 9.8
CVE-2020-35847 METASPLOIT CRITICAL ruby WORKING POC
Cockpit CMS NoSQLi to RCE
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
CVSS 9.8