rastating

12 exploits Active since Nov 2014
CVE-2019-17240 NOMISEC CRITICAL WORKING POC
Bludit - Brute Force
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
1 stars
CVSS 9.8
CVE-2018-6389 NOMISEC HIGH WRITEUP
Wordpress < 4.9.2 - Denial of Service
In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.
CVSS 7.5
CVE-2014-9034 METASPLOIT ruby WORKING POC
WordPress Long Password DoS
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.
CVE-2015-10139 METASPLOIT HIGH ruby WORKING POC
WPLMS <1.8.4.1 - Privilege Escalation
The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for authenticated attackers to change otherwise restricted settings and potentially create a new accessible admin account.
CVSS 8.8
CVE-2015-2673 METASPLOIT HIGH ruby WORKING POC
Wpeasycart WP Easycart - Access Control
The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters.
CVSS 8.8
CVE-2015-1172 METASPLOIT ruby WORKING POC
Holding Pattern <0.6 - RCE
Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.
CVE-2015-1587 METASPLOIT ruby WORKING POC
Maarch LetterBox <2.8 - RCE
Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/.
CVE-2014-10021 METASPLOIT ruby WORKING POC
Wpsymposiumpro WP Symposium - Unrestricted File Upload
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/.
CVE-2016-1209 METASPLOIT CRITICAL ruby WORKING POC
Ninja Forms <2.9.42.1 - Code Injection
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
CVSS 9.8
CVE-2014-9308 METASPLOIT ruby WORKING POC
WP EasyCart <3.0.9 - RCE
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/.
CVE-2014-9312 METASPLOIT HIGH ruby WORKING POC
Photo Gallery 1.2.5 - Info Disclosure
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
CVSS 8.8
CVE-2019-17240 EXPLOITDB CRITICAL ruby WORKING POC
Bludit - Brute Force
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
CVSS 9.8