scriptjunkie

13 exploits Active since May 2009
CVE-2011-0997 METASPLOIT ruby WORKING POC
ISC Dhcp - Improper Input Validation
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
CVE-2009-1780 EXPLOITDB text WORKING POC
Frax Php Recommend < 1.3 - Missing Authentication
admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters.
CVE-2009-1779 EXPLOITDB text WORKING POC
Frax Php Recommend < 1.3 - Path Traversal
PHP remote file inclusion vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the form_include_template parameter.
CVE-2010-20120 EXPLOITDB HIGH ruby WORKING POC
Maple <13 - Command Injection
Maple versions up to and including 13's Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction.
CVE-2014-6271 METASPLOIT CRITICAL ruby WORKING POC
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVSS 9.8
CVE-2010-20120 METASPLOIT HIGH ruby WORKING POC
Maple <13 - Command Injection
Maple versions up to and including 13's Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction.
CVE-2025-21293 METASPLOIT HIGH ruby WORKING POC
Microsoft Windows 10 1507 < 10.0.10240.20890 - Improper Access Control
Active Directory Domain Services Elevation of Privilege Vulnerability
CVSS 8.8
CVE-2010-3765 METASPLOIT CRITICAL ruby WORKING POC
Mozilla Firefox - Memory Corruption
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
CVSS 9.8
CVE-2010-3765 EXPLOITDB CRITICAL ruby WORKING POC
Mozilla Firefox - Memory Corruption
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
CVSS 9.8
EIP-2026-118257 EXPLOITDB text WORKING POC
Ammyy Admin 3.5 - Remote Code Execution (Metasploit)
EIP-2026-117522 EXPLOITDB ruby WORKING POC
Microsoft Windows - Escalate Service Permissions Privilege Escalation (Metasploit)
EIP-2026-116539 EXPLOITDB text WORKING POC
Winamp 5.57 - Stack Overflow
CVE-2009-1781 EXPLOITDB text WORKING POC
Frax Php Recommend < 1.3 - Injection
Static code injection vulnerability in admin.php in Frax.dk Php Recommend 1.3 and earlier allows remote attackers to inject arbitrary PHP code into phpre_config.php via the form_aula parameter.