wvu

151 exploits Active since Apr 2014
EIP-2026-113831 EXPLOITDB ruby WORKING POC
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)
CVE-2018-9206 EXPLOITDB CRITICAL ruby WORKING POC
Blueimp jQuery-File-Upload <=9.22.0 - File Upload
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
CVSS 9.8
CVE-2016-10033 EXPLOITDB CRITICAL ruby WORKING POC
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS 9.8
CVE-2019-6340 EXPLOITDB HIGH ruby WORKING POC
Drupal < 8.5.11 - Insecure Deserialization
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
CVSS 8.1
CVE-2015-1130 EXPLOITDB HIGH ruby WORKING POC
Apple OS X Rootpipe Privilege Escalation
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
CVSS 7.8
CVE-2019-11539 EXPLOITDB HIGH ruby WORKING POC
Pulse Secure <9.0R3.4-5.1R15.1 - Authenticated Command Injection
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
CVSS 7.2
CVE-2020-10189 EXPLOITDB CRITICAL ruby WORKING POC
Zohocorp Manageengine Desktop Central - Insecure Deserialization
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
CVSS 9.8
CVE-2018-11776 EXPLOITDB HIGH ruby WORKING POC
Apache Struts 2 Namespace Redirect OGNL Injection
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace.
CVSS 8.1
CVE-2016-3714 EXPLOITDB HIGH ruby WORKING POC
ImageMagick <6.9.3-10 & <7.0.1-1 - RCE
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVSS 8.4
EIP-2026-103142 EXPLOITDB ruby WORKING POC
HP VAN SDN Controller - Root Command Injection (Metasploit)
CVE-2019-9082 EXPLOITDB HIGH ruby WORKING POC
Thinkphp < 3.2.4 - Missing Authentication
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
CVSS 8.8
CVE-2020-7247 EXPLOITDB CRITICAL ruby WORKING POC
Openbsd Opensmtpd - Improper Exception Handling
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
CVSS 9.8
CVE-2020-10199 EXPLOITDB HIGH ruby WORKING POC
Nexus Repository Manager Java EL Injection RCE
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
CVSS 8.8
EIP-2026-103174 EXPLOITDB ruby WORKING POC
Nagios XI Chained - Remote Code Execution (Metasploit)
CVE-2018-10662 EXPLOITDB CRITICAL ruby WORKING POC
Axis IP Cameras - Info Disclosure
An issue was discovered in multiple models of Axis IP Cameras. There is an Exposed Insecure Interface.
CVSS 9.8
CVE-2020-8794 EXPLOITDB CRITICAL ruby WORKING POC
OpenSMTPD OOB Read Local Privilege Escalation
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server code launches the client code during bounce handling.
CVSS 9.8
EIP-2026-103061 EXPLOITDB ruby WORKING POC
Apache Continuum - Arbitrary Command Execution (Metasploit)
CVE-2016-1531 EXPLOITDB HIGH ruby WORKING POC
Exim <4.86.2 - Privilege Escalation
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
CVSS 7.0
CVE-2018-16509 EXPLOITDB HIGH ruby WORKING POC
Artifex Ghostscript <9.24 - Privilege Escalation
An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restoration of privilege" checking during handling of /invalidaccess exceptions could be used by attackers able to supply crafted PostScript to execute code using the "pipe" instruction.
CVSS 7.8
CVE-2016-0710 EXPLOITDB HIGH ruby WORKING POC
Apache Jetspeed Arbitrary File Upload
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
CVSS 8.8
CVE-2016-0492 EXPLOITDB ruby WORKING POC
Oracle Application Testing Suite - Info Disclosure
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0488. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function, which allows remote attackers to bypass authentication via directory traversal sequences following a URI entry that does not require authentication, as demonstrated by olt/Login.do/../../olt/UploadFileUpload.do.
CVE-2020-7961 EXPLOITDB CRITICAL WORKING POC
Liferay Portal <7.2.1 CE GA2 - Code Injection
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
CVSS 9.8
CVE-2019-1003002 EXPLOITDB HIGH ruby WORKING POC
Pipeline: Declarative Plugin <1.3.3 - RCE
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
CVSS 8.8
EIP-2026-101372 EXPLOITDB ruby WORKING POC
Netgear - 'TelnetEnable' Magic Packet (Metasploit)
EIP-2026-100692 EXPLOITDB ruby WORKING POC
Morris Worm - fingerd Stack Buffer Overflow (Metasploit)