Metasploit

1,875 exploits Active since Aug 1990
CVE-2004-2086 EXPLOITDB ruby WORKING POC
Sambar Server <6.0 - Buffer Overflow
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.
CVE-2007-1559 EXPLOITDB ruby WORKING POC
Roxio CinePlayer 3.2 - Remote Code Execution via Long Property Values or Method Arguments
Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via (1) unspecified long property values to SonicMediaPlayer.dll or (2) long arguments to unspecified methods in SonicMediaPlayer.dll.
CVE-2012-5002 EXPLOITDB ruby WORKING POC
Ricoh DC Software DL-10 <4.5.0.1 - Buffer Overflow
Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a long USER FTP command.
CVE-2007-3435 EXPLOITDB ruby WORKING POC
RKD Software BarCodeAx.dll 4.9 - Stack-Based Buffer Overflow via BeginPrint Method
Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.
CVE-2004-2111 EXPLOITDB ruby WORKING POC
Serv-U FTP Server <4.2 - Buffer Overflow
Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.
EIP-2026-119103 EXPLOITDB ruby WORKING POC
Sami FTP Server - 'LIST' Buffer Overflow (Metasploit)
CVE-2014-6287 EXPLOITDB CRITICAL ruby WORKING POC
Rejetto HTTP File Server <2.3c - RCE
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
CVSS 9.8
CVE-2009-4006 EXPLOITDB ruby WORKING POC
RhinoSoft Serv-U <9.1.0.0 - Buffer Overflow
Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.
CVE-2006-2369 EXPLOITDB ruby WORKING POC
RealVNC 4.1.1 - Unauthenticated Authentication Bypass via Insecure Security Type
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
CVE-2008-5664 EXPLOITDB ruby WORKING POC
Realtek Media Player <1.15.0.0 - Buffer Overflow
Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.
CVE-2001-0167 EXPLOITDB ruby WORKING POC
AT&T WinVNC < 3.3.3r7 - Remote Code Execution via Long rfbConnFailed Reason String
Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string.
CVE-2004-0330 EXPLOITDB ruby WORKING POC
Serv-U File Server < 5.0.0.0 - Authenticated Buffer Overflow via MDTM Command
Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.
EIP-2026-119084 EXPLOITDB ruby WORKING POC
RealWin SCADA Server - DATAC Login Buffer Overflow (Metasploit)
CVE-2012-4333 EXPLOITDB ruby WORKING POC
Samsung NET-i viewer 1.37.120316 - Remote Code Execution via BackupToAvi Method
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-3747 EXPLOITDB ruby WORKING POC
RealPlayer 11.0-11.1 and RealPlayer SP 1.0-1.1.4 - Remote Code Execution via CDDA URI Parsing
An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI.
CVE-2005-0455 EXPLOITDB ruby WORKING POC
RealNetworks RealPlayer <6.0.12.1056 - Buffer Overflow
Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.
CVE-2011-2950 EXPLOITDB ruby WORKING POC
RealPlayer 11.0-11.1 and 14.0.0-14.0.5 and RealPlayer SP 1.0-1.1.5 - Remote Code Execution via Crafted QCP File
Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file.
CVE-2012-5896 EXPLOITDB ruby WORKING POC
Quest InTrust < 10.4.0.853 - Remote Code Execution via Annotation Objects ActiveX Control
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."
CVE-2006-2926 EXPLOITDB ruby WORKING POC
Qbik WinGate 6.1.1.1077 - Buffer Overflow
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.
CVE-2008-1610 EXPLOITDB ruby WORKING POC
TallSoft Quick TFTP Server Pro 2.1 - Buffer Overflow
Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a read or write request.
EIP-2026-119075 EXPLOITDB ruby WORKING POC
Race River Integard Home/Pro - LoginAdmin Password Stack Buffer Overflow (Metasploit)
CVE-2002-1359 EXPLOITDB ruby WORKING POC
Cisco IOS - Denial of Service via Large SSH Packet Handling
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
CVE-2007-4370 EXPLOITDB ruby WORKING POC
Racer 0.5.3 beta 5 - Buffer Overflow
Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.
CVE-2012-5691 EXPLOITDB ruby WORKING POC
RealNetworks RealPlayer <16.0.0.282-1.1.5 - RCE
Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.
CVE-2011-3322 EXPLOITDB ruby WORKING POC
Scadatec Procyon SCADA < 1.14 - Remote Code Execution via Long Telnet Password
Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/23) port, which triggers an out-of-bounds read or write, leading to a stack-based buffer overflow.