h00die

198 exploits Active since Jul 1997
CVE-2019-11631 METASPLOIT ruby WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
CVE-2022-41034 METASPLOIT HIGH ruby WORKING POC
Visual Studio Code < 1.72.1 - Remote Code Execution
Visual Studio Code Remote Code Execution Vulnerability
CVSS 7.8
CVE-2016-6253 METASPLOIT HIGH ruby WORKING POC
NetBSD <7.0 - Local Privilege Escalation
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
CVSS 7.8
CVE-2025-34077 METASPLOIT CRITICAL ruby WORKING POC
WordPress Pie Register <3.7.1.4 - Auth Bypass
An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to impersonate arbitrary users by submitting a crafted POST request to the login endpoint. By setting social_site=true and manipulating the user_id_social_site parameter, an attacker can generate a valid WordPress session cookie for any user ID, including administrators. Once authenticated, the attacker may exploit plugin upload functionality to install a malicious plugin containing arbitrary PHP code, resulting in remote code execution on the underlying server.
CVE-2020-5741 METASPLOIT HIGH ruby WORKING POC
Plex Media Server < 1.19.3 - Authenticated Remote Code Execution via Unpickle Deserialization
Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.
CVSS 7.2
CVE-2016-10225 METASPLOIT HIGH ruby WORKING POC
Allwinner linux-3.4-sunxi - Local Privilege Escalation via sunxi_debug Procfs Interface
The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug.
CVSS 7.8
CVE-2023-46944 METASPLOIT HIGH ruby WORKING POC
GitKraken GitLens < 14.0.0 - Remote Code Execution via Workspace Trust Component
An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code's workspace trust component.
CVSS 7.8
CVE-2022-3365 METASPLOIT CRITICAL ruby WORKING POC
Remote Mouse Server <4.110 - Command Injection
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over the product's custom control protocol. A Metasploit module was written and tested against version 4.110, the current version when this CVE was reserved.
CVSS 9.8
CVE-2022-4978 METASPLOIT CRITICAL ruby WORKING POC
Remote Control Server 3.1.1.12 - RCE
Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without verification. An attacker on the same network can issue a sequence of keystroke commands to launch a system shell and execute arbitrary commands, resulting in full system compromise.
CVE-2022-3218 METASPLOIT CRITICAL ruby WORKING POC
Necta WiFi Mouse Server - Remote Code Execution via Client-Side Authentication Bypass
Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
CVSS 9.8
CVE-2022-3229 METASPLOIT CRITICAL ruby WORKING POC
Unified Remote < 3.11.0.2483 - Unauthenticated Remote Code Execution via Web Management Interface
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.
CVSS 9.8
CVE-2023-31902 METASPLOIT CRITICAL ruby WORKING POC
RPA Technology Mobile Mouse 3.6.0.4 - RCE
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).
CVSS 9.8
CVE-2020-7356 METASPLOIT CRITICAL ruby WORKING POC
CAYIN xPost - Unauthenticated SQL Injection via wayfinder_seqid Parameter
CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands.
CVSS 10.0
CVE-2018-1335 METASPLOIT HIGH ruby WORKING POC
Apache Tika <1.18 - Command Injection
From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.
CVSS 8.1
CVE-2024-28741 METASPLOIT HIGH ruby WORKING POC
NorthStar C2 XSS to Agent RCE
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.
CVSS 8.8
CVE-2025-34109 METASPLOIT HIGH ruby WORKING POC
Panda Security Products <16.1.2 - Code Injection
PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2).
CVE-2023-49070 METASPLOIT CRITICAL ruby WORKING POC
Apache OFBiz < 18.12.10 - Unauthenticated Remote Code Execution via XML-RPC
Pre-auth RCE in Apache OFBiz 18.12.09. It is due to the no-longer-maintained XML-RPC component still being present. This issue affects Apache OFBiz before 18.12.10. Users are recommended to upgrade to version 18.12.10.
CVSS 9.8
CVE-2025-34117 METASPLOIT CRITICAL ruby WORKING POC
Netcore and Netis Router Firmware - Unauthenticated Remote Code Execution via UDP Port 53413 Backdoor
A remote code execution vulnerability exists in multiple Netcore and Netis router models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated remote attacker can send specially crafted UDP packets to execute arbitrary commands on the affected device. This backdoor uses a hardcoded authentication mechanism and accepts shell commands post-authentication. Some device models include a non-standard implementation of the `echo` command, which may affect exploitability.
CVE-2024-42365 METASPLOIT HIGH ruby WORKING POC
Asterisk < 18.24.2 - Remote Code Execution
Asterisk is an open source private branch exchange (PBX) and telephony toolkit. Prior to asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2, an AMI user with `write=originate` may change all configuration files in the `/etc/asterisk/` directory. This occurs because they are able to curl remote files and write them to disk, but are also able to append to existing files using the `FILE` function inside the `SET` application. This issue may result in privilege escalation, remote code execution and/or blind server-side request forgery with arbitrary protocol. Asterisk versions 18.24.2, 20.9.2, and 21.4.2 and certified-asterisk versions 18.9-cert11 and 20.7-cert2 contain a fix for this issue.
CVSS 7.4
CVE-2023-34468 METASPLOIT HIGH ruby WORKING POC
Apache NiFi 0.0.2-1.21.0 - Authenticated Remote Code Execution via H2 JDBC Database URL
The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
CVSS 8.8
CVE-2018-1000859 METASPLOIT ruby WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-19518. Reason: This candidate is a reservation duplicate of CVE-2018-19518. Notes: All CVE users should reference CVE-2018-19518 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2014-6271 METASPLOIT CRITICAL ruby WORKING POC
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS 9.8
CVE-2024-31839 METASPLOIT MEDIUM ruby WORKING POC
tiagorlampert CHAOS 5.0.1 - Cross-Site Scripting via sendCommandHandler
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component.
CVSS 4.8
CVE-2019-7609 METASPLOIT CRITICAL ruby WORKING POC
Kibana Timelion Prototype Pollution RCE
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
CVSS 10.0
CVE-2023-38646 METASPLOIT CRITICAL ruby WORKING POC
Metabase < 0.46.6.1 and < 1.46.6.1 - Unauthenticated Remote Code Execution
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.
CVSS 9.8