header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

XWiki Platform – Remote Code Execution

XWiki Platform is vulnerable to a critical Remote Code Execution (RCE) vulnerability that allows guest users to execute arbitrary code remotely via the SolrSearch endpoint. This can result in a complete server compromise, granting the attacker the ability to run commands on the underlying system, impacting the confidentiality, integrity, and availability of the XWiki installation. The issue has been addressed in XWiki versions 15.10.11, 16.4.1, and 16.5.0RC1.

Angular-Base64-Upload Library 0.1.20 – Remote Code Execution (RCE)

The Angular-Base64-Upload Library version 0.1.20 is vulnerable to Remote Code Execution (RCE) prior to v0.1.21. An unauthenticated attacker can exploit this vulnerability to execute arbitrary code on the target system. This exploit has been assigned CVE-2024-42640 with a severity rating of Critical (CVSS 10.0).

Pymatgen 2024.1 – Remote Code Execution (RCE)

The exploit allows an attacker to achieve Remote Code Execution (RCE) on Pymatgen 2024.1 by crafting a malicious CIF file with a reverse shell payload. By triggering the Pymatgen CIF parser to parse this file, an attacker can execute arbitrary commands on the target system.

GetSimpleCMS 3.3.16 – Remote Code Execution (RCE)

An attacker can exploit GetSimpleCMS version 3.3.16 by creating a malicious .phar file that contains a PHP script allowing the execution of arbitrary commands. By uploading this file through a vulnerable upload functionality, the attacker can trigger the execution of the injected code remotely, leading to a remote code execution vulnerability. This vulnerability is identified as CVE-2021-28976.

Apache Commons Text 1.10.0 – Remote Code Execution (Text4Shell – POST-based)

The exploit allows remote code execution in Apache Commons Text version less than 1.10.0 by sending a malicious payload via a POST request. This exploit uses a script interpolator to execute arbitrary commands on the target system.

qBittorrent 5.0.1 MITM Remote Code Execution

The exploit allows an attacker to perform Remote Code Execution on qBittorrent version 5.0.1 and below by intercepting the host machine using a Man-In-The-Middle (MITM) attack. By running the Proof of Concept (PoC) exploit, the attacker can inject any malicious executable instead of the legitimate Python installer.

Recent Exploits: