mr_me

214 exploits Active since Dec 2002
EIP-2026-109252 EXPLOITDB python WORKING POC
Maian Gallery 2 - Local File Download
EIP-2026-109263 EXPLOITDB php WORKING POC
Maian Weblog 4.0 - Blind SQL Injection
CVE-2011-0518 EXPLOITDB python WORKING POC
LotusCMS Fraise 3.0 - Path Traversal and Arbitrary Local File Inclusion via System Parameter
Directory traversal vulnerability in core/lib/router.php in LotusCMS Fraise 3.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via the system parameter to index.php.
EIP-2026-108585 EXPLOITDB ruby WORKING POC
Joomla! Component com_virtuemart 1.1.7/1.5 - Blind SQL Injection (Metasploit)
EIP-2026-108598 EXPLOITDB python WORKING POC
Joomla! Component com_xcloner-backupandrestore - Remote Command Execution
EIP-2026-108584 EXPLOITDB python WORKING POC
Joomla! Component com_virtuemart 1.1.7 - Blind SQL Injection
EIP-2026-108033 EXPLOITDB python WORKING POC
JAKCMS 2.01 RC1 - Blind SQL Injection
EIP-2026-108032 EXPLOITDB python WORKING POC
JAKCMS 2.01 - Code Execution
CVE-2011-5130 EXPLOITDB php WORKING POC
Family Connections CMS 2.5.0-2.7.1 - Remote Code Execution via dev/less.php argv[1] Parameter
dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.
CVE-2011-5130 EXPLOITDB ruby WORKING POC
Family Connections CMS 2.5.0-2.7.1 - Remote Code Execution via dev/less.php argv[1] Parameter
dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.
CVE-2011-5135 EXPLOITDB php WORKING POC
DoceboLMS < 4.0.4 - Authenticated SQL Injection via coursereportuiconfig Parameters
Multiple SQL injection vulnerabilities in the save_connection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the (1) coursereportuiconfig[name] or (2) coursereportuiconfig[description] parameters to index.php.
EIP-2026-106121 EXPLOITDB python WORKING POC
Concrete CMS 5.4.1.1 - Cross-Site Scripting / Remote Code Execution
EIP-2026-105836 EXPLOITDB text WORKING POC
Chipmunk NewsLetter - Persistent Cross-Site Scripting
CVE-2016-2539 EXPLOITDB HIGH javascript WORKING POC
ATutor < 2.2.1 - Cross-Site Request Forgery via install_modules.php
Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file.
CVSS 8.8
EIP-2026-105164 EXPLOITDB python WORKING POC
amoeba CMS 1.01 - Multiple Vulnerabilities
CVE-2012-6554 EXPLOITDB ruby WORKING POC
activeCollab Chat Module < 1.5.2 - Authenticated Remote Code Execution via Message Text Parameter
functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.
CVE-2017-18357 EXPLOITDB MEDIUM ruby WORKING POC
Shopware < 5.3.4 - PHP Object Instantiation and XXE via ProductStream Controller
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.
CVSS 6.5
EIP-2026-104740 EXPLOITDB python WORKING POC
Lepide Auditor Suite - 'createdb()' Web Console Database Injection / Remote Code Execution
CVE-2018-15576 EXPLOITDB HIGH php WORKING POC
EasyLogin Pro < 1.3.0 - Remote Code Execution via Encryptor.php Unserialize
An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the key.
CVSS 8.1
CVE-2016-2555 EXPLOITDB CRITICAL ruby WORKING POC
ATutor 2.2.1 - SQL Injection via searchFriends Function
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.
CVSS 9.8
EIP-2026-104713 EXPLOITDB ruby WORKING POC
ATutor 2.2.1 - Directory Traversal / Remote Code Execution (Metasploit)
EIP-2026-104694 EXPLOITDB python WORKING POC
Castripper 2.50.70 - '.pls' File Stack Buffer Overflow (DEP Bypass)
EIP-2026-104322 EXPLOITDB python WRITEUP
ManageEngine Desktop Central - 'FileStorage getChartImage' Deserialization / Unauthenticated Remote Code Execution
CVE-2016-0752 EXPLOITDB HIGH ruby WORKING POC
Ruby on Rails Dynamic Render File Upload Remote Code Execution
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
CVSS 7.5
CVE-2020-10189 EXPLOITDB CRITICAL ruby WORKING POC
ManageEngine Desktop Central < 10.0.479 - Remote Code Execution via Java Deserialization in FileStorage
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
CVSS 9.8