scriptjunkie

13 exploits, active since May 2009
CVE-2011-0997 METASPLOIT ruby WORKING POC
ISC DHCP 3.0.x-4.2.x - Remote Code Execution via DHCP Hostname Shell Metacharacters
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
CVE-2009-1780 EXPLOITDB text WORKING POC
Frax.dk Php Recommend <= 1.3 - Unauthenticated Privilege Escalation via Password Change
admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.
CVE-2009-1779 EXPLOITDB text WORKING POC
Frax.dk Php Recommend < 1.3 - Remote File Inclusion via form_include_template Parameter
PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the form_include_template parameter.
CVE-2010-20120 EXPLOITDB HIGH ruby WORKING POC
Maplesoft Maple <= 13 - Remote Code Execution via Malicious Maplet File
The Maplet framework in Maple versions up to and including 13 allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction.
CVE-2014-6271 METASPLOIT CRITICAL ruby WORKING POC
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS 9.8
CVE-2010-20120 METASPLOIT HIGH ruby WORKING POC
Maplesoft Maple <= 13 - Remote Code Execution via Malicious Maplet File
The Maplet framework in Maple versions up to and including 13 allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction.
CVE-2025-21293 METASPLOIT HIGH ruby WORKING POC
Windows 10 1507-24H2 and Windows Server 2012-2016 - Active Directory Domain Services Elevation of Privilege
Active Directory Domain Services Elevation of Privilege Vulnerability
CVSS 8.8
CVE-2010-3765 METASPLOIT CRITICAL ruby WORKING POC
Mozilla Firefox 3.5.x-3.5.14 and 3.6.x-3.6.11 - Remote Code Execution via nsCSSFrameConstructor
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
CVSS 9.8
CVE-2010-3765 EXPLOITDB CRITICAL ruby WORKING POC
Mozilla Firefox 3.5.x-3.5.14 and 3.6.x-3.6.11 - Remote Code Execution via nsCSSFrameConstructor
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
CVSS 9.8
EIP-2026-118257 EXPLOITDB text WORKING POC
Ammyy Admin 3.5 - Remote Code Execution (Metasploit)
EIP-2026-117522 EXPLOITDB ruby WORKING POC
Microsoft Windows - Escalate Service Permissions Privilege Escalation (Metasploit)
EIP-2026-116539 EXPLOITDB text WORKING POC
Winamp 5.57 - Stack Overflow
CVE-2009-1781 EXPLOITDB text WORKING POC
Frax.dk Php Recommend < 1.3 - Remote PHP Code Injection via form_aula Parameter
Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to inject arbitrary PHP code into phpre_config.php via the form_aula parameter.