wvu

151 exploits Active since Apr 2014
CVE-2021-21975 METASPLOIT HIGH ruby WORKING POC
VMware vRealize Operations Manager < 8.4 - Server-Side Request Forgery via API
Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials.
CVSS 7.5
CVE-2019-15107 METASPLOIT CRITICAL ruby WORKING POC
Webmin <= 1.920 - OS Command Injection via password_change.cgi Old Parameter
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
CVSS 9.8
CVE-2021-22005 METASPLOIT CRITICAL ruby WORKING POC
VMware Cloud Foundation 3.0-4.0 and vCenter Server - Arbitrary File Upload via Analytics Service
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
CVSS 9.8
CVE-2021-21307 METASPLOIT HIGH ruby WORKING POC
Lucee Server <5.3.7.47-5.3.6.68-5.3.5.96 - RCE
Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.
CVSS 8.6
CVE-2021-21985 METASPLOIT CRITICAL ruby WORKING POC
VMware vCenter Server - Remote Code Execution via Virtual SAN Health Check Plugin
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
CVSS 9.8
CVE-2021-21978 METASPLOIT CRITICAL ruby WORKING POC
VMware View Planner 4.0-4.5 - Unauthenticated Remote Code Execution via Logupload Arbitrary File Upload
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the logupload container.
CVSS 9.8
CVE-2020-3243 METASPLOIT CRITICAL ruby WORKING POC
Cisco UCS Director - Auth Bypass/Path Traversal
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS 9.8
CVE-2021-1499 METASPLOIT MEDIUM ruby WORKING POC
Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE (CVE-2021-1499)
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user.
CVSS 5.3
CVE-2020-10199 METASPLOIT HIGH ruby WORKING POC
Nexus Repository Manager Java EL Injection RCE
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
CVSS 8.8
CVE-2020-15505 METASPLOIT CRITICAL ruby WORKING POC
MobileIron MDM Hessian-Based Java Deserialization RCE
A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier that allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS 9.8
CVE-2021-26295 METASPLOIT CRITICAL ruby WORKING POC
Apache OFBiz SOAP Java Deserialization
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
CVSS 9.8
CVE-2021-22986 METASPLOIT CRITICAL ruby WORKING POC
F5 iControl REST Unauthenticated SSRF Token Generation RCE
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
CVSS 9.8
CVE-2016-10372 METASPLOIT CRITICAL ruby WORKING POC
Eir D1000 Modem Firmware - Remote Code Execution via TR-064 Protocol
The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature.
CVSS 9.8
CVE-2021-1498 METASPLOIT CRITICAL ruby WORKING POC
Cisco HyperFlex HX Data Platform < 4.0(2e) - Unauthenticated OS Command Injection
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVSS 9.8
CVE-2018-10660 METASPLOIT CRITICAL ruby WORKING POC
Axis IP Cameras - OS Command Injection
An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.
CVSS 9.8
CVE-2019-11539 METASPLOIT HIGH ruby WORKING POC
Pulse Secure <9.0R3.4-5.1R15.1 - Authenticated Command Injection
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
CVSS 7.2
CVE-2015-1130 METASPLOIT HIGH ruby WORKING POC
Apple OS X Rootpipe Privilege Escalation
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
CVSS 7.8
CVE-2020-13166 EXPLOITDB CRITICAL ruby WORKING POC
MyLittleAdmin 3.8 - Unauthenticated Remote Code Execution via Hardcoded MachineKey
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.
CVSS 9.8
CVE-2017-0148 EXPLOITDB HIGH ruby WORKING POC
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.
CVSS 8.1
EIP-2026-114793 EXPLOITDB ruby WORKING POC
Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
EIP-2026-114792 EXPLOITDB ruby WORKING POC
Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
EIP-2026-114766 EXPLOITDB ruby WORKING POC
Emacs - movemail Privilege Escalation (Metasploit)
EIP-2026-114765 EXPLOITDB ruby WORKING POC
Emacs - movemail Privilege Escalation (Metasploit)
CVE-2020-14871 EXPLOITDB CRITICAL python WORKING POC
Oracle Solaris 10-11 - Privilege Escalation
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: This CVE is not exploitable for Solaris 11.1 and later releases, and ZFSSA 8.7 and later releases, thus the CVSS Base Score is 0.0. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
CVSS 10.0
CVE-2014-8517 EXPLOITDB ruby WORKING POC
macOS X - Remote Command Execution via HTTP Redirect Pipe Character
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.