h00die

191 exploits Active since Jul 1997
CVE-2023-31902 METASPLOIT CRITICAL ruby WORKING POC
RPA Technology Mobile Mouse 3.6.0.4 - RCE
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).
CVSS 9.8
CVE-2022-3229 METASPLOIT CRITICAL ruby WORKING POC
Unified Remote - RCE
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.
CVSS 9.8
CVE-2022-3218 METASPLOIT CRITICAL ruby WORKING POC
WiFi Mouse - RCE
Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
CVSS 9.8
CVE-2022-4978 METASPLOIT CRITICAL ruby WORKING POC
Remote Control Server 3.1.1.12 - RCE
Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An attacker on the same network can issue a sequence of keystroke commands to launch a system shell and execute arbitrary commands, resulting in full system compromise.
CVE-2022-3365 METASPLOIT CRITICAL ruby WORKING POC
Remote Mouse Server <4.110 - Command Injection
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved.
CVSS 9.8
CVE-2023-46944 METASPLOIT HIGH ruby WORKING POC
GitKraken GitLens <14.0.0 - RCE
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component.
CVSS 7.8
CVE-2024-28741 METASPLOIT HIGH ruby WORKING POC
NorthStar C2 XSS to Agent RCE
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.
CVSS 8.8
CVE-2018-1335 METASPLOIT HIGH ruby WORKING POC
Apache Tika <1.18 - Command Injection
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
CVSS 8.1
CVE-2025-34109 METASPLOIT HIGH ruby WORKING POC
Panda Security Products <16.1.2 - Code Injection
PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2).
CVE-2023-34468 METASPLOIT HIGH ruby WORKING POC
Apache Nifi < 1.22.0 - Code Injection
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
CVSS 8.8
CVE-2018-1000859 METASPLOIT ruby WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-19518. Reason: This candidate is a reservation duplicate of CVE-2018-19518. Notes: All CVE users should reference CVE-2018-19518 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2014-6271 METASPLOIT CRITICAL ruby WORKING POC
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS 9.8
CVE-2024-31839 METASPLOIT MEDIUM ruby WORKING POC
CHAOS 5.0.1 - XSS
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component.
CVSS 4.8
CVE-2023-49070 METASPLOIT CRITICAL ruby WORKING POC
Apache Ofbiz <18.12.10 - RCE
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10
CVSS 9.8
CVE-2025-34117 METASPLOIT CRITICAL ruby WORKING POC
Netcore/Netis <Aug 2014 - RCE
A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated remote attacker can send specially crafted UDP packets to execute arbitrary commands on the affected device. This backdoor uses a hardcoded authentication mechanism and accepts shell commands post-authentication. Some device models include a non-standard implementation of the `echo` command, which may affect exploitability.
CVE-2024-42365 METASPLOIT HIGH ruby WORKING POC
Asterisk < 18.24.2 - Remote Code Execution
Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.
CVSS 7.4
CVE-2017-12478 METASPLOIT CRITICAL ruby WORKING POC
Unitrends UEB http api remote code execution
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system.
CVSS 9.8
CVE-2023-38646 METASPLOIT CRITICAL ruby WORKING POC
Metabase <0.46.6.1-1.46.6.1 - RCE
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
CVSS 9.8
CVE-2020-8260 METASPLOIT HIGH ruby WORKING POC
Pulse Connect Secure <9.1R9 - Authenticated RCE
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction.
CVSS 7.2
CVE-2019-7609 METASPLOIT CRITICAL ruby WORKING POC
Kibana Timelion Prototype Pollution RCE
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
CVSS 10.0
CVE-2020-7012 METASPLOIT HIGH ruby WORKING POC
Elastic Kibana < 6.8.8 - Code Injection
Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade Assistant. An authenticated attacker with privileges to write to the Kibana index could insert data that would cause Kibana to execute arbitrary code. This could possibly lead to an attacker executing code with the permissions of the Kibana process on the host system.
CVSS 8.8
CVE-2017-15889 METASPLOIT HIGH ruby WORKING POC
Synology Diskstation Manager < 5.2-5967-5 - Command Injection
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
CVSS 8.8
CVE-2020-7357 METASPLOIT CRITICAL ruby WORKING POC
Cayintech Cms-se Firmware - OS Command Injection
Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5.
CVSS 9.6
CVE-2023-39265 METASPLOIT LOW ruby WORKING POC
Apache Superset < 2.1.0 - Improper Input Validation
Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.
CVSS 3.8
CVE-2025-34115 METASPLOIT HIGH ruby WORKING POC
OP5 Monitor <7.1.9 - Command Injection
An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web application user. The vulnerability resides in the configuration section of the application and requires valid login credentials with access to the command testing functionality. This issue is fixed in version 7.2.0.