sinn3r

410 exploits Active since Dec 2002
CVE-2012-0013 EXPLOITDB ruby WORKING POC
MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
CVE-2011-0105 EXPLOITDB ruby WORKING POC
MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
CVE-2012-3274 EXPLOITDB ruby WORKING POC
HP IMC <5.1 - Buffer Overflow
Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data.
CVE-2012-0663 EXPLOITDB ruby WORKING POC
Apple QuickTime <7.7.2 - Buffer Overflow
Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file.
EIP-2026-116859 EXPLOITDB ruby WORKING POC
Aviosoft Digital TV Player Professional 1.0 - Local Stack Buffer Overflow (Metasploit)
EIP-2026-117352 EXPLOITDB text WORKING POC
Ipswitch IMAIL 11.01 - Reversible Encryption + weak ACL
EIP-2026-117349 EXPLOITDB html WORKING POC
IP2location.dll 1.0.0.1 - Function 'Initialize()' Local Buffer Overflow
CVE-2007-3068 EXPLOITDB ruby WORKING POC
DVD X Studios Dvd X Player - Buffer Overflow
Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename.
CVE-2011-2462 EXPLOITDB CRITICAL ruby WORKING POC
Adobe Acrobat < 10.1.1 - Out-of-Bounds Write
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
CVSS 9.8
CVE-2012-5975 EXPLOITDB ruby WORKING POC
SSH Tectia Server - Authentication Bypass
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
CVE-2011-4449 EXPLOITDB ruby WORKING POC
WikkaWiki 1.3.1-1.3.2 - RCE
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
CVE-2012-0694 EXPLOITDB CRITICAL ruby WORKING POC
SugarCRM CE <= 6.3.1 - Code Injection
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
CVSS 9.8
EIP-2026-111611 EXPLOITDB ruby WORKING POC
qdPM 7.0 - Arbitrary '.PHP' File Upload (Metasploit)
CVE-2011-4825 EXPLOITDB ruby WORKING POC
Phpletter Ajax File And Image Manager < 1.0 - Code Injection
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
CVE-2012-3399 EXPLOITDB ruby WORKING POC
Artis.imag Basilic - Improper Input Validation
Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.
CVE-2012-1153 EXPLOITDB ruby WORKING POC
Apprain < 0.1.5 - Unrestricted File Upload
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
EIP-2026-104742 EXPLOITDB ruby WORKING POC
LotusCMS 3.0 - 'eval()' Remote Command Execution (Metasploit)
EIP-2026-104743 EXPLOITDB ruby WORKING POC
Network Shutdown Module 3.21 - 'sort_values' Remote PHP Code Injection (Metasploit)
EIP-2026-104770 EXPLOITDB ruby WORKING POC
Sflog! CMS 1.0 - Arbitrary File Upload (Metasploit)
CVE-2011-4828 EXPLOITDB ruby WORKING POC
Autosectools V-cms - Code Injection
Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/.
CVE-2012-5692 EXPLOITDB ruby WORKING POC
Invision Power Board <3.3.x - Unknown Vuln
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
CVE-2011-3230 EXPLOITDB ruby WORKING POC
Apple Safari - Access Control
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
CVE-2019-16113 EXPLOITDB HIGH ruby WORKING POC
Bludit 3.9.2 - RCE
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
CVSS 8.8
CVE-2019-15954 EXPLOITDB CRITICAL ruby WORKING POC
Total.js CMS 12.0.0 - Authenticated RCE
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: <script total>global.process.mainModule.require(child_process).exec(RCE);</script>
CVSS 9.9
EIP-2026-104087 EXPLOITDB ruby WORKING POC
Squiggle 1.7 - SVG Browser Java Code Execution (Metasploit)