msutovsky-r7

23 exploits Active since Apr 2022
CVE-2023-28459 METASPLOIT MEDIUM ruby WORKING POC
pretalx < 2.3.2 - Path Traversal via HTML Export Feature
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files.
CVSS 6.5
CVE-2023-28458 METASPLOIT MEDIUM ruby WORKING POC
Pretalx Limited File Write to Remote Code Execution
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.
CVSS 4.3
CVE-2022-28368 METASPLOIT CRITICAL ruby WORKING POC
dompdf < 1.2.1 - Remote Code Execution via CSS @font-face src:url
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).
CVSS 9.8
CVE-2024-48766 METASPLOIT HIGH ruby WORKING POC
NetAlertX 24.7.18-24.10.12 - Unauthenticated Path Traversal and Arbitrary File Read via logs.php
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.
CVSS 8.6
CVE-2025-61675 METASPLOIT HIGH ruby WORKING POC
FreePBX endpoint SQLi to RCE
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the basestation, model, firmware, and custom extension configuration functionality areas. Authentication with a known username is required to exploit these vulnerabilities. Successful exploitation allows authenticated users to execute arbitrary SQL queries against the database, potentially enabling access to sensitive data or modification of database contents. This issue has been patched in version 16.0.92 for FreePBX 16 and version 17.0.6 for FreePBX 17.
CVE-2025-61675 METASPLOIT HIGH ruby WORKING POC
FreePBX endpoint SQLi to RCE
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the basestation, model, firmware, and custom extension configuration functionality areas. Authentication with a known username is required to exploit these vulnerabilities. Successful exploitation allows authenticated users to execute arbitrary SQL queries against the database, potentially enabling access to sensitive data or modification of database contents. This issue has been patched in version 16.0.92 for FreePBX 16 and version 17.0.6 for FreePBX 17.
CVE-2026-21858 METASPLOIT CRITICAL ruby WORKING POC
n8n 1.65.0-1.120.9 - Unauthenticated Arbitrary File Read via Form-Based Workflow Execution
n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based workflows. A vulnerable workflow could grant access to an unauthenticated remote attacker, resulting in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage. This issue is fixed in version 1.121.0.
CVSS 10.0
CVE-2025-61678 METASPLOIT HIGH ruby WORKING POC
FreePBX <16.0.92-17.0.6 - Authenticated File Upload
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains an authenticated arbitrary file upload vulnerability affecting the fwbrand parameter. The fwbrand parameter allows an attacker to change the file path. Combined, these issues can result in a webshell being uploaded. Authentication with a known username is required to exploit this vulnerability. Successful exploitation allows authenticated users to upload arbitrary files to attacker-controlled paths on the server, potentially leading to remote code execution. This issue has been patched in version 16.0.92 for FreePBX 16 and version 17.0.6 for FreePBX 17.
CVE-2023-41425 METASPLOIT MEDIUM ruby WORKING POC
WonderCMS Remote Code Execution
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
CVSS 6.1
CVE-2025-34299 METASPLOIT CRITICAL ruby WORKING POC
Monsta FTP < 2.11 - Unauthenticated Arbitrary File Upload
Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted file from a malicious (S)FTP server.
CVSS 9.8
CVE-2021-25094 METASPLOIT HIGH ruby WORKING POC
Tatsu Wordpress Plugin RCE
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.
CVSS 8.1
CVE-2022-40471 METASPLOIT CRITICAL ruby WORKING POC
Clinic's Patient Management System 1.0 - RCE
Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php
CVSS 9.8
CVE-2025-34511 METASPLOIT HIGH ruby WORKING POC
Sitecore XP CVE-2025-34511 Post-Authentication File Upload
Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is vulnerable to an unrestricted file upload issue. A remote, authenticated attacker can upload arbitrary files to the server using crafted HTTP requests, resulting in remote code execution.
CVSS 8.8
CVE-2025-59287 METASPLOIT CRITICAL ruby WORKING POC
Windows Server 2012, 2016, 2019, 2022, 2025 - Unauthenticated RCE via Deserialization
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVSS 9.8
CVE-2025-34509 METASPLOIT HIGH ruby WORKING POC
Sitecore XP/XM 10.1-10.1.4, 10.2, 10.3-10.3.3, 10.4-10.4.1 - Unauthenticated RCE via Hardcoded Credentials
Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access administrative API over HTTP.
CVSS 7.5
CVE-2024-53326 METASPLOIT HIGH ruby WORKING POC
LINQPad Deserialization
LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to code execution.
CVSS 7.3
CVE-2025-52367 METASPLOIT MEDIUM ruby WORKING POC
PivotX CMS 3.0.0 RC 3 - Stored Cross-Site Scripting via Subtitle Field
Cross Site Scripting vulnerability in PivotX CMS v.3.0.0 RC 3 allows a remote attacker to execute arbitrary code via the subtitle field.
CVSS 5.4
CVE-2025-49619 METASPLOIT HIGH ruby WORKING POC
Skyvern SSTI Remote Code Execution
Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to blind remote code execution (RCE).
CVSS 8.5
CVE-2024-32019 METASPLOIT HIGH ruby WORKING POC
netdata 1.44.0-60-1.45.0-169 and 1.45.0-1.45.3 - Local Privilege Escalation via PATH Environment Variable Manipulation
Netdata is an open source observability tool. In affected versions the `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS 8.8
CVE-2025-5306 METASPLOIT CRITICAL ruby WORKING POC
Pandora FMS 774-778 - OS Command Injection via Netflow Directory Field
Improper Neutralization of Special Elements in the Netflow directory field may allow OS command injection. This issue affects Pandora FMS 774 through 778
CVSS 9.8
CVE-2025-32463 METASPLOIT CRITICAL ruby WORKING POC
Sudo <1.9.17p1 - Privilege Escalation
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
CVSS 9.3
CVE-2023-36255 METASPLOIT HIGH ruby WORKING POC
eramba 3.19.1 - Remote Code Execution via Path Parameter
An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL.
CVSS 8.8
CVE-2023-28458 METASPLOIT MEDIUM ruby WORKING POC
Pretalx Limited File Write to Remote Code Execution
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.
CVSS 4.3