wvu

151 exploits Active since Apr 2014
CVE-2020-13166 METASPLOIT CRITICAL ruby WORKING POC
MyLittleAdmin 3.8 - Unauthenticated Remote Code Execution via Hardcoded MachineKey
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.
CVSS 9.8
CVE-2021-34523 METASPLOIT CRITICAL ruby WORKING POC
Microsoft Exchange Server - Privilege Escalation
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS 9.0
CVE-2021-22652 METASPLOIT CRITICAL ruby WORKING POC
Advantech iView <5.7.03.6112 - Code Execution
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
CVSS 9.8
CVE-2020-10915 METASPLOIT CRITICAL ruby WORKING POC
VEEAM One Agent 9.5.4.4587 - Deserialization
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10401.
CVSS 9.8
CVE-2018-16509 METASPLOIT HIGH ruby WORKING POC
Artifex Ghostscript <9.24 - Privilege Escalation
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
CVSS 7.8
CVE-2019-1003002 METASPLOIT HIGH ruby WORKING POC
Pipeline: Declarative Plugin <1.3.3 - RCE
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
CVSS 8.8
CVE-2020-16952 METASPLOIT HIGH ruby WORKING POC
Microsoft SharePoint Server-Side Include and ViewState RCE
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
CVSS 8.6
CVE-2021-26914 METASPLOIT HIGH ruby WORKING POC
NetMotion Mobility < 11.73 and 12.x < 12.02 - Unauthenticated Remote Code Execution via Java Deserialization in MvcUtil
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.
CVSS 8.1
CVE-2021-40539 METASPLOIT CRITICAL ruby WORKING POC
ManageEngine ADSelfService Plus CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
CVSS 9.8
CVE-2017-0147 METASPLOIT HIGH ruby WORKING POC
Microsoft Windows - SMBv1 Information Disclosure via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability."
CVSS 7.5
CVE-2017-0147 METASPLOIT HIGH ruby WORKING POC
Microsoft Windows - SMBv1 Information Disclosure via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability."
CVSS 7.5
CVE-2020-11652 METASPLOIT MEDIUM ruby WORKING POC
SaltStack Salt < 2019.2.4 - Authenticated Path Traversal via ClearFuncs Methods
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.
CVSS 6.5
CVE-2015-8103 METASPLOIT CRITICAL ruby WORKING POC
Jenkins CLI RMI Java Deserialization Vulnerability
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
CVSS 9.8
CVE-2022-22954 METASPLOIT CRITICAL ruby WORKING POC
VMware Workspace ONE Access CVE-2022-22954
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.
CVSS 9.8
CVE-2020-13167 METASPLOIT CRITICAL ruby WORKING POC
Netsweeper < 6.4.3 - Unauthenticated Remote Code Execution via webadmin/tools/unixlogin.php
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.
CVSS 9.8
CVE-2020-5902 METASPLOIT CRITICAL ruby WORKING POC
BIG-IP 11.6.1-11.6.5.1 - Remote Code Execution via TMUI Undisclosed Pages
In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
CVSS 9.8
CVE-2020-25223 METASPLOIT CRITICAL ruby WORKING POC
Sophos Unified Threat Management < 9.511 - Remote Code Execution via WebAdmin SID Parameter
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
CVSS 9.8
CVE-2023-49070 METASPLOIT CRITICAL ruby WORKING POC
Apache OFBiz < 18.12.10 - Unauthenticated Remote Code Execution via XML-RPC
Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.  Users are recommended to upgrade to version 18.12.10
CVSS 9.8
CVE-2013-10036 METASPLOIT HIGH ruby WORKING POC
Beetel Connection Manager PCW_BTLINDV1.0.0B04 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured Exception Handler (SEH), leading to arbitrary code execution when the application processes the file.
CVE-2020-14871 METASPLOIT CRITICAL ruby WORKING POC
Oracle Solaris 10-11 - Privilege Escalation
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
CVSS 10.0
CVE-2019-12780 METASPLOIT CRITICAL ruby WORKING POC
Belkin Crock-Pot Smart Slow Cooker with WeMo Firmware - Unauthenticated OS Command Injection via SmartDevURL Argument
The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication.
CVSS 9.8
CVE-2021-38647 METASPLOIT CRITICAL ruby WORKING POC
Microsoft OMI Management Interface Authentication Bypass
Open Management Infrastructure Remote Code Execution Vulnerability
CVSS 9.8
CVE-2015-9266 METASPLOIT CRITICAL ruby WORKING POC
Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP - Unauthenticated Path Traversal and Arbitrary File Write
The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2.
CVSS 9.8
CVE-2018-8734 METASPLOIT CRITICAL ruby WORKING POC
Nagios XI 5.2.0-5.4.12 - SQL Injection via selInfoKey1 Parameter
SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.
CVSS 9.8
CVE-2020-25592 METASPLOIT CRITICAL ruby WORKING POC
SaltStack Salt - Improper Authentication Bypass via eauth Credential Validation
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
CVSS 9.8