Metasploit

1,875 exploits Active since Aug 1990
CVE-2018-15442 EXPLOITDB HIGH ruby WORKING POC
Cisco Webex Meetings <33.6.4 & Productivity Tools 32.6.0-33.0.6 OS Command Injection
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.
CVSS 7.8
CVE-2006-5198 EXPLOITDB ruby WORKING POC
WinZip 10.0 - Remote Code Execution via WZFILEVIEW.FileViewCtrl.61 ActiveX Control
The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."
CVE-2012-1775 EXPLOITDB ruby WORKING POC
VLC media player < 2.0.1 - Remote Code Execution via Crafted MMS Stream
Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream.
CVE-2011-1574 EXPLOITDB ruby WORKING POC
libmodplug <0.8.8.2 - Buffer Overflow
Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file.
CVE-2010-5194 EXPLOITDB ruby WORKING POC
Viscom Image Viewer <8.0 - Buffer Overflow
Stack-based buffer overflow in the Image2PDF function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0, Gold 5.5, Gold 6.0, and earlier allows remote attackers to execute arbitrary code via a long strPDFFile parameter.
CVE-2010-0356 EXPLOITDB ruby WORKING POC
Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow via DrawText strFontName Parameter
Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method.
CVE-2010-3275 EXPLOITDB ruby WORKING POC
VideoLAN VLC Media Player <1.1.8 - RCE
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
CVE-2011-3360 EXPLOITDB ruby WORKING POC
Wireshark <1.4.9, <1.6.2 - Privilege Escalation
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.
CVE-2012-3569 EXPLOITDB ruby WORKING POC
VMware OVF Tool 2.1 - Remote Code Execution via Crafted OVF File
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.
CVE-2014-0782 EXPLOITDB ruby WORKING POC
Yokogawa CENTUM CS 1000/3000, VP, Exaopc, B/M9000CS/VP - Remote Code Execution
Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.
CVE-2014-3888 EXPLOITDB ruby WORKING POC
Yokogawa CENTUM CS 1000-VP - Buffer Overflow
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.
CVE-2008-1309 EXPLOITDB ruby WORKING POC
RealPlayer - Remote Code Execution via RealAudioObjects.RealAudio ActiveX Control
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.
CVE-2008-5664 EXPLOITDB ruby WORKING POC
Realtek Media Player <1.15.0.0 - Buffer Overflow
Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.
CVE-2007-5601 EXPLOITDB ruby WORKING POC
RealPlayer - Stack-based Buffer Overflow in Database Component via Playlist Name
Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.
CVE-2010-3747 EXPLOITDB ruby WORKING POC
RealPlayer 11.0-11.1 and RealPlayer SP 1.0-1.1.4 - Remote Code Execution via CDDA URI Parsing
An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI.
CVE-2005-0455 EXPLOITDB ruby WORKING POC
RealNetworks RealPlayer <6.0.12.1056 - Buffer Overflow
Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.
CVE-2011-2950 EXPLOITDB ruby WORKING POC
RealPlayer 11.0-11.1 and 14.0.0-14.0.5 and RealPlayer SP 1.0-1.1.5 - Remote Code Execution via Crafted QCP File
Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file.
CVE-2012-5691 EXPLOITDB ruby WORKING POC
RealNetworks RealPlayer <16.0.0.282-1.1.5 - RCE
Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.
CVE-2007-4370 EXPLOITDB ruby WORKING POC
Racer 0.5.3 beta 5 - Buffer Overflow
Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.
CVE-2006-2369 EXPLOITDB ruby WORKING POC
RealVNC 4.1.1 - Unauthenticated Authentication Bypass via Insecure Security Type
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
CVE-2006-2926 EXPLOITDB ruby WORKING POC
Qbik WinGate 6.1.1.1077 - Buffer Overflow
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.
CVE-2002-1359 EXPLOITDB ruby WORKING POC
Cisco IOS - Denial of Service via Large SSH Packet Handling
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
CVE-2012-5896 EXPLOITDB ruby WORKING POC
Quest InTrust < 10.4.0.853 - Remote Code Execution via Annotation Objects ActiveX Control
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."
CVE-2006-4948 EXPLOITDB ruby WORKING POC
ProSysInfo TFTP Server TFTPDWIN <0.4.2 - Buffer Overflow
Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2004-0326 EXPLOITDB ruby WORKING POC
professional_gatekeeper 4.7 - Remote Code Execution via Long GET Request
Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request.