w3bd3vil

11 exploits, active since Jun 2009
CVE-2023-28231 NOMISEC HIGH WORKING POC
Microsoft Windows Server 2008 - Heap Buffer Overflow
DHCP Server Service Remote Code Execution Vulnerability
69 stars
CVSS 8.8
CVE-2023-28231 INTHEWILD HIGH WORKING POC
Microsoft Windows Server 2008 - Heap Buffer Overflow
DHCP Server Service Remote Code Execution Vulnerability
CVSS 8.8
CVE-2023-38951 WRITEUP CRITICAL WORKING POC
ZKTeco BioTime <9.0.1 - Path Traversal
ZKTeco BioTime 8.5.5 through 9.x before 9.0.1 (20240617.19506) allows authenticated attackers to create or overwrite arbitrary files on the server via crafted requests to /base/sftpsetting/ endpoints that abuse a path traversal issue in the Username field and a lack of input sanitization on the SSH Key field. Overwriting specific files may lead to arbitrary code execution as NT AUTHORITY\SYSTEM.
CVSS 9.8
CVE-2023-38952 WRITEUP HIGH WORKING POC
ZKTeco BioTime <9.0.1 - Privilege Escalation
Insecure access control in ZKTeco BioTime through 9.0.1 allows authenticated attackers to escalate their privileges due to the fact that session ids are not validated for the type of user accessing the application by default. Privilege restrictions between non-admin and admin users are not enforced and any authenticated user can leverage admin functions without restriction by making direct requests to administrative endpoints.
CVSS 7.5
CVE-2021-44228 METASPLOIT CRITICAL ruby WORKING POC
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CVSS 10.0
CVE-2013-1690 METASPLOIT HIGH ruby WORKING POC
Mozilla Firefox < 22.0 - Memory Corruption
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
CVSS 8.8
CVE-2013-1690 EXPLOITDB HIGH ruby WORKING POC
Mozilla Firefox < 22.0 - Memory Corruption
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
CVSS 8.8
CVE-2011-0978 EXPLOITDB python WORKING POC
Microsoft Excel - Memory Corruption
Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via vectors related to an axis properties record, and improper incrementing of an array index, aka "Excel Array Indexing Vulnerability."
CVE-2009-0955 EXPLOITDB text WORKING POC
Apple QuickTime < 7.6.1 - Code Injection
Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."
EIP-2026-104565 EXPLOITDB html WORKING POC
Apple Mac OSX Safari 8.0 - Crash (PoC)
EIP-2026-102560 EXPLOITDB python WORKING POC
Apple QuickTime - CRGN Atom Local Crash