sinn3r - Security Researcher - Exploit Intelligence Platform

CVE-2019-16113 NOMISEC HIGH WORKING POC

Bludit 3.9.2 - RCE

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.

5 stars

CVSS 8.8

View Code

CVE-2019-16113 GITLAB HIGH WORKING POC

Bludit 3.9.2 - RCE

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.

CVSS 8.8

View Code

CVE-2013-4467 METASPLOIT ruby WORKING POC

Vicidial < 2.7 - SQL Injection

Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information.

View Code

CVE-2018-10661 METASPLOIT CRITICAL ruby WORKING POC

Axis IP Cameras - Auth Bypass

An issue was discovered in multiple models of Axis IP Cameras. There is a bypass of access control.

CVSS 9.8

View Code

CVE-2018-10662 METASPLOIT CRITICAL ruby WORKING POC

Axis IP Cameras - Info Disclosure

An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.

CVSS 9.8

View Code

CVE-2013-3115 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer <11 - Code Injection

Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3162.

View Code

CVE-2013-3143 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer <10 - Code Injection

Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3161.

View Code

CVE-2013-3144 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer 8-10 - RCE/DoS

Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3151 and CVE-2013-3163.

View Code

CVE-2013-3145 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer 9 - Memory Corruption

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3150.

View Code

CVE-2013-3146 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer 10 - Memory Corruption

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3152.

View Code

CVE-2013-3147 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer <10 - Code Injection

Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

View Code

CVE-2013-3148 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer <11 - Code Injection

Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3153.

View Code

CVE-2013-3149 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer <8 - Code Injection

Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

View Code

CVE-2013-3150 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer 9 - Memory Corruption

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3145.

View Code

CVE-2013-3151 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer 8-10 - Code Injection

Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3163.

View Code

CVE-2013-3152 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer 10 - Memory Corruption

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3146.

View Code

CVE-2013-3153 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer <11 - Code Injection

Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3148.

View Code

CVE-2013-3161 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer <10 - Code Injection

Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143.

View Code

CVE-2013-3162 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer <11 - Code Injection

Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3115.

View Code

CVE-2013-3163 EXPLOITDB HIGH ruby WORKING POC

Microsoft Internet Explorer 8-10 - Code Injection

Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.

CVSS 8.8

View Code

CVE-2013-3164 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer 8 - Code Injection

Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

View Code

CVE-2013-3166 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer 6-10 - XSS

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability," a different vulnerability than CVE-2013-0015.

View Code

CVE-2013-3846 EXPLOITDB ruby WORKING POC

Microsoft Internet Explorer - Resource Management Error

Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine::InsertSplice object in an HTML document, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143 and CVE-2013-3161.

View Code

CVE-2014-4114 EXPLOITDB HIGH ruby WORKING POC

MS14-060 Microsoft Windows OLE Package Manager Code Execution

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."

CVSS 7.8

View Code

CVE-2014-4114 EXPLOITDB HIGH ruby WORKING POC

MS14-060 Microsoft Windows OLE Package Manager Code Execution

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."

CVSS 7.8

View Code