Ruby Exploits
6,006 exploits tracked across all sources.
Apache Shiro < 1.2.5 - Remote Code Execution via Remember Me Feature
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
CVSS 9.8
Glossword 1.8.8-1.8.12 - Authenticated Arbitrary File Upload and Remote Code Execution via Administrative Interface
Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to upload files to the gw_temp/a/ directory. Due to insufficient validation of file type and path, attackers can upload and execute PHP payloads, resulting in remote code execution.
by AkaStep, bcoles
PhpWiki 1.5.0 - Remote Code Execution via Ploticus Module Device Option
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party information.
by Benjamin Harris
Apache Jetspeed Arbitrary File Upload
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
by Andreas Lindh, wvu
CVSS 8.8
Template Injection Vulnerability in Sawtooth Software
A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl http://ciwweb.pl/ Perl web application. Exploitation allows an unauthenticated attacker can execute arbitrary commands.
by Maksim Rogov, Adam Kues
Car Rental System 1.0 File Upload RCE (Authenticated)
In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server.
by Aaryan Golatkar
CVSS 6.5
dotcms 3.0-22.02 - Unauthenticated Path Traversal and Remote Code Execution via ContentResource API
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution.
by Shubham Shah, Hussein Daher, jheysel-r7
CVSS 9.8
vtiger CRM < 6.3.0 - Authenticated Unrestricted File Upload and Remote Code Execution via Company Logo Upload
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.
by Benjamin Daniel Mussler, Touhid M.Shaikh <[email protected]>, SecureLayer7.net
CVSS 8.8
Apache Couchdb Erlang RCE
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
by Milton Valencia (wetw0rk), 1F98D, Konstantin Burov, _sadshade, jheysel-r7
CVSS 9.8
PolarBear CMS 2.5 - Unauthenticated Arbitrary File Upload via upload.php
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code.
by Fady Mohamed Osman
CVSS 9.8
X7 Chat <2.0.5.1 - Authenticated RCE
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace function with the eval switch.
SP Project & Document Manager <4.22 - Path Traversal
The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".
by Ron Jost
CVSS 8.8
Spring Framework - Remote Code Execution via Data Binding
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CVSS 9.8
PHP 7.1.x < 7.1.33, 7.2.x < 7.2.24, 7.3.x < 7.3.11 - Remote Code Execution via FPM Buffer Overflow
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
by neex, cdelafuente-r7
CVSS 8.7
Horde Groupware Webmail Edition <5.2.22 - Code Injection
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.
by Andrea Cardaci <[email protected]>
CVSS 9.8
Simple-File-List Plugin <4.2.2 - RCE
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server.
by coiffeur, h00die
CVSS 9.8
CuteFlow < 2.11.2 - Unauthenticated Arbitrary File Upload via restart_circulation_values_write.php
CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. The application fails to validate or restrict uploaded file types, allowing unauthenticated attackers to upload arbitrary PHP files to the upload/___1/ directory. These files are then accessible via the web server, enabling remote code execution.
by bcoles
ForgeRock Access Management < 6.5.4 & OpenAM 9.0.0-14.6.3 - RCE via Jato PageSession Deserialization
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO) found in versions of Java 8 or earlier
by Michael Stepankin, bwatters-r7, Spencer McIntyre, jheysel-r7
CVSS 9.8
Visual Mining NetCharts Server - Unrestricted File Upload and Remote Code Execution
Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
by sghctoma, juan vazquez
CVSS 9.8
Moodle Teacher Enrollment Privilege Escalation to RCE
In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.
by HoangKien1020, lanz, h00die
CVSS 8.8
phpMyAdmin <4.0.10.16, <4.4.15.7, <4.6.3 - RCE
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.
by Michal Čihař and Cure53
CVSS 9.8
vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
by unknown, mekhalleh (RAMELLA Sébastien)
CVSS 9.8
Liferay Portal <7.2.1 CE GA2 - Code Injection
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
by Markus Wulftange, Thomas Etrillard, wvu
CVSS 9.8
Spreecommerce < 0.60.2 - Unauthenticated Remote Code Execution via Search Parameter
Spreecommerce versions prior to 0.60.2 contains a remote command execution vulnerability in its search functionality. The application fails to properly sanitize input passed via the search[send][] parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute arbitrary shell commands on the server without authentication.
CVSS 9.8
WordPress Really Simple SSL Plugin Authentication Bypass to RCE
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
by Valentin Lobstein, István Márton
CVSS 9.8
By Source