jheysel-r7

54 exploits Active since Sep 2020
CVE-2021-3560 NOMISEC HIGH WORKING POC
polkit < 0.119 - Unauthenticated Privilege Escalation via D-Bus Request
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
9 stars
CVSS 7.8
CVE-2024-38856 METASPLOIT CRITICAL ruby WORKING POC
Apache OFBiz forgotPassword/ProgramExport RCE
Incorrect Authorization vulnerability in Apache OFBiz. This issue affects Apache OFBiz: through 18.12.14. Users are recommended to upgrade to version 18.12.15, which fixes the issue. Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).
CVSS 9.8
CVE-2024-39205 METASPLOIT CRITICAL ruby WORKING POC
pyload-ng v0.5.0b3.dev85 - Remote Code Execution via Crafted HTTP Request
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request.
CVSS 9.8
CVE-2023-6553 EXPLOITDB CRITICAL text WORKING POC
WordPress Backup Migration Plugin PHP Filter Chain RCE
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.
CVSS 9.8
CVE-2022-43769 METASPLOIT HIGH ruby WORKING POC
Pentaho Business Server Auth Bypass and Server Side Template Injection RCE
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.
CVSS 8.8
CVE-2024-34102 METASPLOIT CRITICAL ruby WORKING POC
Adobe Commerce and Magento - XML External Entity Injection to Code Execution
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
CVSS 9.8
CVE-2024-57727 METASPLOIT HIGH ruby WORKING POC
SimpleHelp Path Traversal Vulnerability CVE-2024-57727
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
CVSS 7.5
CVE-2023-5350 METASPLOIT CRITICAL ruby WORKING POC
SuiteCRM < 7.14.1 - SQL Injection
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVSS 9.1
CVE-2022-31814 METASPLOIT CRITICAL ruby WORKING POC
pfBlockerNG < 2.1.4_26 - Remote Code Execution via HTTP Host Header
pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.
CVSS 9.8
CVE-2022-0739 METASPLOIT CRITICAL ruby WORKING POC
Wordpress BookingPress bookingpress_front_get_category_services SQLi
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection
CVSS 9.8
CVE-2025-30406 METASPLOIT CRITICAL ruby WORKING POC
Gladinet CentreStack < 16.4.10315.56368 Use of Hard-coded Key Leads to Unauthenticated RCE
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors (who know the machineKey) to serialize a payload for server-side deserialization to achieve remote code execution. NOTE: a CentreStack admin can manually delete the machineKey defined in portal\web.config.
CVSS 9.0
CVE-2024-20767 METASPLOIT HIGH ruby WORKING POC
CVE-2024-20767 - Adobe Coldfusion Arbitrary File Read
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.
CVSS 7.4
CVE-2025-24799 METASPLOIT HIGH ruby WORKING POC
GLPI 10.0.0-10.0.17 - Unauthenticated SQL Injection via Inventory Endpoint
GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.
CVSS 7.5
CVE-2022-26352 METASPLOIT CRITICAL ruby WORKING POC
dotcms 3.0-22.02 - Unauthenticated Path Traversal and Remote Code Execution via ContentResource API
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.
CVSS 9.8
CVE-2022-24706 METASPLOIT CRITICAL ruby WORKING POC
Apache Couchdb Erlang RCE
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
CVSS 9.8
CVE-2022-43939 METASPLOIT HIGH ruby WORKING POC
Hitachi Vantara Pentaho <9.4.0.1-9.3.0.2 - SSRF
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.
CVSS 8.6
CVE-2023-22518 METASPLOIT CRITICAL ruby WORKING POC
Atlassian Confluence Unauth JSON setup-restore Improper Authorization leading to RCE (CVE-2023-22518)
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to Confluence instance administrator leading to - but not limited to - full loss of confidentiality, integrity and availability.  Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
CVSS 9.8
CVE-2021-35464 METASPLOIT CRITICAL ruby WORKING POC
ForgeRock Access Management < 6.5.4 & OpenAM 9.0.0-14.6.3 - RCE via Jato PageSession Deserialization
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier
CVSS 9.8
CVE-2025-52691 METASPLOIT CRITICAL ruby WORKING POC
SmarterMail < 100.0.9413 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
CVSS 10.0
CVE-2023-6553 METASPLOIT CRITICAL ruby WORKING POC
WordPress Backup Migration Plugin PHP Filter Chain RCE
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.
CVSS 9.8
CVE-2024-32113 METASPLOIT CRITICAL ruby WORKING POC
Apache OFBiz <18.12.13 - Path Traversal
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13. Users are recommended to upgrade to version 18.12.13, which fixes the issue.
CVSS 9.8
CVE-2023-33246 METASPLOIT CRITICAL ruby WORKING POC
Apache RocketMQ update config RCE
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.  Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.  To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
CVSS 9.8
CVE-2024-36401 METASPLOIT CRITICAL ruby WORKING POC
Geoserver unauthenticated Remote Code Execution
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code. Versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed.
CVSS 9.8
CVE-2025-2945 METASPLOIT CRITICAL ruby WORKING POC
pgAdmin Query Tool authenticated RCE (CVE-2025-2945)
Remote Code Execution security vulnerability in pgAdmin 4 (Query Tool and Cloud Deployment modules). The vulnerability is associated with the 2 POST endpoints; /sqleditor/query_tool/download, where the query_commited parameter and /cloud/deploy endpoint, where the high_availability parameter is unsafely passed to the Python eval() function, allowing arbitrary code execution. This issue affects pgAdmin 4: before 9.2.
CVSS 9.9
CVE-2024-44000 METASPLOIT CRITICAL ruby WORKING POC
LiteSpeed Cache < 6.5.0.1 - Unauthenticated Authentication Bypass via Insufficiently Protected Credentials
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a through < 6.5.0.1.
CVSS 9.8