mr_me

214 exploits Active since Dec 2002
EIP-2026-103233 EXPLOITDB python WORKING POC
Trend Micro Threat Discovery Appliance 2.6.1062r1 - 'dlp_policy_upload.cgi' Remote Code Execution
CVE-2019-1821 EXPLOITDB HIGH python WORKING POC
Cisco Prime Infrastructure/EPN Manager - RCE
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.
CVSS 8.8
CVE-2014-7205 EXPLOITDB ruby WORKING POC
hapi Server Framework - Code Injection
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors.
EIP-2026-102664 EXPLOITDB text WRITEUP
Linux NTP query client 4.2.6p1 - Heap Overflow
CVE-2010-0496 EXPLOITDB python WORKING POC
FreeBit ServersMan 3.1.5 - Denial of Service via HEAD Request
FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for iPod touch, allows remote attackers to cause a denial of service (daemon crash) via a HEAD request for the / URI.
EIP-2026-102516 EXPLOITDB python WORKING POC
Openedit 5.1294 - Remote Code Execution
EIP-2026-102506 EXPLOITDB python WORKING POC
MeshCMS 3.5 - Remote Code Execution
CVE-2019-15978 EXPLOITDB HIGH python WORKING POC
Cisco Data Center Network Manager < 11.3(1) - Authenticated OS Command Injection via REST and SOAP API
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative privileges on the DCNM application to inject arbitrary commands on the underlying operating system (OS). For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
CVSS 7.2
CVE-2019-15984 EXPLOITDB HIGH python WORKING POC
Cisco Data Center Network Manager < 11.3(1) - Authenticated SQL Injection via REST and SOAP API
Multiple vulnerabilities in the REST and SOAP API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. To exploit these vulnerabilities, an attacker would need administrative privileges on the DCNM application. For more information about these vulnerabilities, see the Details section of this advisory. Note: The severity of these vulnerabilities is aggravated by the vulnerabilities described in the Cisco Data Center Network Manager Authentication Bypass Vulnerabilities advisory, published simultaneously with this one.
CVSS 7.2
CVE-2019-15975 EXPLOITDB CRITICAL python WORKING POC
Cisco Data Center Network Manager < 11.3(1) - Unauthenticated Remote Code Execution via Authentication Bypass
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS 9.8
EIP-2026-102172 EXPLOITDB python WORKING POC
iOS Udisk FTP Basic Edition - Remote Denial of Service
EIP-2026-101462 EXPLOITDB python WORKING POC
Synology Photo Station 6.8.2-3461 - 'SYNOPHOTO_Flickr_MultiUpload' Race Condition File Write Remote Code Execution
CVE-2011-1055 EXPLOITDB python WORKING POC
lingxia_i.c.e_cms 1.0 - SQL Injection via session.user_id Parameter
SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm.
CVE-2010-3468 EXPLOITDB text WRITEUP
Mura CMS <5.1.498-5.2.2809 & Sava CMS 5-5.2 - Path Traversal
Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under tasks/render/file/.