wvu

128 exploits Active since Apr 2014
CVE-2014-8517 METASPLOIT ruby WORKING POC
Apple Mac OS X - Command Injection
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
CVE-2020-11652 METASPLOIT MEDIUM ruby WORKING POC
Salt < 2019.2.4 - Path Traversal
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
CVSS 6.5
CVE-2020-8772 METASPLOIT CRITICAL ruby WORKING POC
InfiniteWP Client <1.9.4.5 - Privilege Escalation
The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_mmb_set_request in init.php. Any attacker who knows the username of an administrator can log in.
CVSS 9.8
CVE-2018-15473 METASPLOIT MEDIUM ruby WORKING POC
Openbsd Openssh < 7.7 - Race Condition
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
CVSS 5.3
CVE-2016-1909 METASPLOIT CRITICAL ruby SCANNER
Fortinet <5.0.12 - Hardcoded Passphrase
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0.8; and FortiOS 4.1.x before 4.1.11, 4.2.x before 4.2.16, 4.3.x before 4.3.17 and 5.0.x before 5.0.8 have a hardcoded passphrase for the Fortimanager_Access account, which allows remote attackers to obtain administrative access via an SSH session.
CVSS 9.8
CVE-2019-11510 METASPLOIT CRITICAL ruby WORKING POC
Pulse Secure PCS <9.0R3.4 - Info Disclosure
In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can send a specially crafted URI to perform an arbitrary file reading vulnerability .
CVSS 10.0
CVE-2018-10933 METASPLOIT CRITICAL ruby WORKING POC
libssh Authentication Bypass Scanner
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
CVSS 9.1
CVE-2018-20062 METASPLOIT CRITICAL ruby WORKING POC
NoneCms V1.3 - RCE
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string.
CVSS 9.8
CVE-2020-8794 METASPLOIT CRITICAL ruby WORKING POC
OpenSMTPD OOB Read Local Privilege Escalation
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
CVSS 9.8
CVE-2018-7600 METASPLOIT CRITICAL ruby WORKING POC
Drupal Drupalgeddon 2 Forms API Property Injection
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
CVSS 9.8
CVE-2020-7247 METASPLOIT CRITICAL ruby WORKING POC
Openbsd Opensmtpd - Improper Exception Handling
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
CVSS 9.8
CVE-2018-11776 METASPLOIT HIGH ruby WORKING POC
Apache Struts 2 Namespace Redirect OGNL Injection
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
CVSS 8.1
CVE-2016-10033 METASPLOIT CRITICAL ruby WORKING POC
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS 9.8
CVE-2020-7961 METASPLOIT CRITICAL ruby WORKING POC
Liferay Portal <7.2.1 CE GA2 - Code Injection
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
CVSS 9.8
CVE-2017-9805 METASPLOIT HIGH ruby WORKING POC
Apache Struts 2 REST Plugin XStream RCE
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
CVSS 8.1
CVE-2021-26084 METASPLOIT CRITICAL ruby WORKING POC
Confluence Server/Data Center <6.13.23, <6.14.0-7.4.11, <7.5.0-7.11...
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
CVSS 9.8
CVE-2016-0710 METASPLOIT HIGH ruby WORKING POC
Apache Jetspeed Arbitrary File Upload
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
CVSS 8.8
CVE-2022-29464 METASPLOIT CRITICAL ruby WORKING POC
WSO2 Arbitrary File Upload to RCE
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
CVSS 9.8
CVE-2021-21972 METASPLOIT CRITICAL ruby WORKING POC
Vmware Cloud Foundation < 3.10.1.2 - Path Traversal
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
CVSS 9.8
CVE-2014-6278 METASPLOIT HIGH ruby WORKING POC
GNU Bash <4.3 - RCE
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277.
CVSS 8.8
CVE-2016-1531 METASPLOIT HIGH ruby WORKING POC
Exim <4.86.2 - Privilege Escalation
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
CVSS 7.0
CVE-2018-9206 METASPLOIT CRITICAL ruby WORKING POC
Blueimp jQuery-File-Upload <=9.22.0 - File Upload
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
CVSS 9.8
CVE-2020-14883 METASPLOIT HIGH ruby WORKING POC
Oracle WebLogic Server <14.1.1.0.0 - RCE
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVSS 7.2
CVE-2021-34523 METASPLOIT CRITICAL ruby WORKING POC
Microsoft Exchange Server - Privilege Escalation
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS 9.0
CVE-2021-22652 METASPLOIT CRITICAL ruby WORKING POC
Advantech iView <5.7.03.6112 - Code Execution
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
CVSS 9.8