MC

466 exploits Active since Mar 1998
CVE-2006-5614 METASPLOIT ruby WORKING POC
Microsoft Windows NAT Helper Components - Denial of Service via Malformed DNS Query
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.
CVE-1999-0506 METASPLOIT ruby SCANNER
Windows NT and Windows 2000 - Unauthenticated Remote Access via Null Password
A Windows NT domain user or administrator account has a default, null, blank, or missing password.
CVE-1999-0502 METASPLOIT ruby SCANNER
HP-UX - Unauthenticated Remote Login via Default Null Password
A Unix account has a default, null, blank, or missing password.
CVE-2008-3996 METASPLOIT ruby WORKING POC
Oracle Database <11.1.0.6 - Info Disclosure
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_IPUBLISH.
CVE-2009-0978 METASPLOIT ruby WORKING POC
Oracle Database <11.1.0.6 - Info Disclosure
Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0975.
CVE-2008-3995 METASPLOIT ruby WORKING POC
Oracle Database <11.1.0.6 - Info Disclosure
Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.
CVE-2006-2685 METASPLOIT ruby WORKING POC
Basic Analysis and Security Engine <= 1.2.4 - Remote Code Execution via BASE_path Parameter
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php.
CVE-2010-0870 METASPLOIT ruby WORKING POC
Oracle Database <9.2.0.8 - Info Disclosure
Unspecified vulnerability in the Change Data Capture component in Oracle Database 9.2.0.8 and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_CDC_PUBLISH.
CVE-2010-2415 METASPLOIT ruby WORKING POC
Oracle Database Server - Info Disclosure
Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH.
CVE-2006-2081 METASPLOIT ruby WORKING POC
Oracle Database Server 10g Release 2 - Arbitrary SQL Query Execution via DBMS_EXPORT_EXTENSION GET_DOMAIN_INDEX_METADATA
Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was originally linked to DB05 (CVE-2006-1870), but a reliable third party has claimed that it is not the same issue. Based on details of the problem, the primary issue appears to be insecure privileges that facilitate the introduction of SQL in a way that is not related to special characters, so this is not "SQL injection" per se.
CVE-2008-2905 METASPLOIT ruby WORKING POC
Mambo < 4.6.4 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2011-2523 METASPLOIT CRITICAL ruby WORKING POC
vsftpd 2.3.4 - Backdoor Command Execution
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
CVSS 9.8
CVE-2010-20059 METASPLOIT CRITICAL ruby WORKING POC
FreeNAS <0.7.2-5543 - Command Injection
FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation.
CVE-2010-0738 METASPLOIT MEDIUM ruby WORKING POC
JBoss JMX Console Deployer Upload and Execute
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
CVSS 5.3
CVE-2010-20103 METASPLOIT CRITICAL ruby WORKING POC
ProFTPD 1.3.3c - Unauthenticated Remote Code Execution via Hidden FTP Command
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.
CVSS 9.8
CVE-2003-0220 METASPLOIT ruby WORKING POC
Kerio Personal Firewall <2.1.4 - RCE
Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.
CVE-2008-2158 METASPLOIT ruby WORKING POC
EMC AlphaStor 3.1 SP1 - Remote Code Execution via Crafted TCP Packets
Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025.
CVE-2002-1123 METASPLOIT ruby WORKING POC
Microsoft SQL Server 2000 and MSDE 2000 - Remote Code Execution via Long TCP Port 1433 Request
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
CVE-2006-5780 METASPLOIT ruby WORKING POC
XLink Omni-NFS Server 5.2 - Stack-Based Buffer Overflow via Crafted TCP Packet
Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd), as demonstrated by vd_xlink.pm.
CVE-2008-0226 METASPLOIT ruby WORKING POC
Oracle Mysql < 1.7.5 - Memory Corruption
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
CVE-2005-0768 METASPLOIT ruby WORKING POC
GoodTech Telnet Server 4.0-5.0 - Remote Code Execution via Long String to Port 2380
Buffer overflow in the administration web server for GoodTech Telnet Server 4.0 and 5.0, and possibly all versions before 5.0.7, allows remote attackers to execute arbitrary code via a long string to port 2380.
CVE-2006-3524 METASPLOIT ruby WORKING POC
SIPfoundry sipXtapi <20060324 - RCE
Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message.
CVE-2009-1029 METASPLOIT ruby WORKING POC
POP Peeper < 3.4.0.0 - Remote Code Execution via Long Date Header
Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll.
CVE-2006-3838 METASPLOIT ruby WORKING POC
eIQnetworks Enterprise Security Analyzer < 2.4.0 - Remote Code Execution via Multiple Buffer Overflows
Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe).
CVE-2007-4006 METASPLOIT ruby WORKING POC
Mike Dubman Windows RSH daemon (rshd) 1.7 - Buffer Overflow
Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.