mr_me

214 exploits Active since Dec 2002
CVE-2020-10189 NOMISEC CRITICAL WORKING POC
ManageEngine Desktop Central < 10.0.479 - Remote Code Execution via Java Deserialization in FileStorage
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
2 stars
CVSS 9.8
CVE-2019-12799 METASPLOIT HIGH ruby WORKING POC
Shopware 5.3.0-5.6.x - Remote Code Execution via PHP Object Instantiation Bypass
In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code execution. NOTE: this issue is a bypass for a CVE-2017-18357 whitelist patch.
CVSS 8.8
CVE-2017-11392 METASPLOIT HIGH ruby WORKING POC
Trend Micro InterScan Messaging Security Virtual Appliance 9.0-9.1 - RCE via modTMCSS Proxy
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly ZDI-CAN-4745.
CVSS 8.8
CVE-2017-7896 METASPLOIT MEDIUM ruby WORKING POC
Trend Micro InterScan Messaging Security Virtual Appliance < 9.1 - Cross-Site Scripting
Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 before CP 1644 has XSS.
CVSS 6.1
CVE-2016-2555 METASPLOIT CRITICAL ruby WORKING POC
ATutor 2.2.1 - SQL Injection via searchFriends Function
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.
CVSS 9.8
CVE-2016-7552 METASPLOIT CRITICAL ruby WORKING POC
Trend Micro Threat Discovery Appliance 2.6.1062r1 - Path Traversal & File Deletion via Session ID
On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory traversal when processing a session_id cookie allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.
CVSS 9.8
CVE-2018-9958 METASPLOIT HIGH ruby WORKING POC
Foxit Reader and PhantomPDF < 9.0.1.1049 - Remote Code Execution via Text Annotation Point Attribute
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620.
CVSS 8.8
CVE-2008-4192 EXPLOITDB ruby WORKING POC
cman 2.20080629 and 2.20080801 - Arbitrary File Write via Symlink Attack on /tmp/eglog
The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.
CVE-2009-4595 EXPLOITDB WRITEUP
PHP Inventory 1.2 - Authenticated SQL Injection via sup_id Parameter
SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the sup_id parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2019-15977 EXPLOITDB HIGH python WORKING POC
Cisco Data Center Network Manager < 11.3(1) - Unauthenticated Authentication Bypass via Hard-coded Credentials
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS 7.5
CVE-2019-15976 EXPLOITDB CRITICAL python WORKING POC
Cisco Data Center Network Manager < 11.3(1) - Unauthenticated Authentication Bypass via Hard-coded Credentials
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS 9.8
CVE-2018-9948 EXPLOITDB MEDIUM ruby WORKING POC
Foxit PDF Reader Pointer Overwrite UAF
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5380.
CVSS 6.5
CVE-2018-9948 EXPLOITDB MEDIUM text WORKING POC
Foxit PDF Reader Pointer Overwrite UAF
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of typed arrays. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5380.
CVSS 6.5
CVE-2017-12500 EXPLOITDB HIGH ruby WORKING POC
HPE Intelligent Management Center PLAT 7.3 (E0504) - Remote Code Execution
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version.
CVSS 8.8
CVE-2012-10055 EXPLOITDB CRITICAL ruby WORKING POC
ComSndFTP FTP Server <1.3.7 Beta - Code Injection
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations.
CVE-2011-5196 EXPLOITDB python WORKING POC
Open Journal Systems < 2.3.6 - Cross-Site Request Forgery via File Upload
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.
CVE-2011-5195 EXPLOITDB python WORKING POC
Open Conference Systems < 2.3.4 - Cross-Site Request Forgery via File Upload
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Conference Systems 2.3.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload a PHP file.
CVE-2011-3490 EXPLOITDB ruby WORKING POC
Measuresoft ScadaPro <4.0.0 - Buffer Overflow
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.
CVE-2010-5193 EXPLOITDB ruby WORKING POC
Viscom Image Viewer CP Pro/Gold <8.0-6.0 - Buffer Overflow
Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit parameter.
CVE-2010-4913 EXPLOITDB python WORKING POC
ColdGen ColdUserGroup 1.06 - Cross-Site Scripting via Search Keywords Parameter
Cross-site scripting (XSS) vulnerability in the search feature in ColdGen ColdUserGroup 1.06 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-4596 EXPLOITDB text WRITEUP
PHP Inventory 1.2 - Cross-Site Scripting via sup_id Parameter
Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers to inject arbitrary web script or HTML via the sup_id parameter in a suppliers details action.
CVE-2019-15975 METASPLOIT CRITICAL ruby WORKING POC
Cisco Data Center Network Manager < 11.3(1) - Unauthenticated Remote Code Execution via Authentication Bypass
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS 9.8
CVE-2012-6554 METASPLOIT ruby WORKING POC
activeCollab Chat Module < 1.5.2 - Authenticated Remote Code Execution via Message Text Parameter
functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.
CVE-2021-21972 METASPLOIT CRITICAL ruby WORKING POC
VMware vCenter Server and Cloud Foundation - Remote Code Execution via vSphere Client Plugin
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
CVSS 9.8
CVE-2017-18357 METASPLOIT MEDIUM ruby WORKING POC
Shopware < 5.3.4 - PHP Object Instantiation and XXE via ProductStream Controller
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.
CVSS 6.5