Metasploit

1,875 exploits Active since Aug 1990
CVE-2001-0167 EXPLOITDB ruby WORKING POC
AT&T WinVNC < 3.3.3r7 - Remote Code Execution via Long rfbConnFailed Reason String
Buffer overflow in AT&T WinVNC (Virtual Network Computing) client 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long rfbConnFailed packet with a long reason string.
CVE-2010-3747 EXPLOITDB ruby WORKING POC
RealPlayer 11.0-11.1 and RealPlayer SP 1.0-1.1.4 - Remote Code Execution via CDDA URI Parsing
An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI.
EIP-2026-119084 EXPLOITDB ruby WORKING POC
RealWin SCADA Server - DATAC Login Buffer Overflow (Metasploit)
CVE-2011-2950 EXPLOITDB ruby WORKING POC
RealPlayer 11.0-11.1 and 14.0.0-14.0.5 and RealPlayer SP 1.0-1.1.5 - Remote Code Execution via Crafted QCP File
Heap-based buffer overflow in qcpfformat.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted QCP file.
CVE-2004-2111 EXPLOITDB ruby WORKING POC
Serv-U FTP Server <4.2 - Buffer Overflow
Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.
CVE-2006-2926 EXPLOITDB ruby WORKING POC
Qbik WinGate 6.1.1.1077 - Buffer Overflow
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.
CVE-2004-0326 EXPLOITDB ruby WORKING POC
professional_gatekeeper 4.7 - Remote Code Execution via Long GET Request
Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request.
CVE-2012-5896 EXPLOITDB ruby WORKING POC
Quest InTrust < 10.4.0.853 - Remote Code Execution via Annotation Objects ActiveX Control
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."
CVE-2006-3252 EXPLOITDB ruby WORKING POC
PrivateWire Gateway <= 3.7 - Remote Code Execution via Long GET Request
Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request.
CVE-2009-1029 EXPLOITDB ruby WORKING POC
POP Peeper < 3.4.0.0 - Remote Code Execution via Long Date Header
Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll.
CVE-2011-3322 EXPLOITDB ruby WORKING POC
Scadatec Procyon SCADA < 1.14 - Remote Code Execution via Long Telnet Password
Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/23) port, which triggers an out-of-bounds read or write, leading to a stack-based buffer overflow.
CVE-2009-3976 EXPLOITDB ruby WORKING POC
Labtam ProFTP 2.9 - Buffer Overflow
Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to cause a denial of service (application crash) or execute arbitrary code via a long 220 reply (aka connection greeting or welcome message).
CVE-2009-1029 EXPLOITDB ruby WORKING POC
POP Peeper < 3.4.0.0 - Remote Code Execution via Long Date Header
Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll.
CVE-2006-4948 EXPLOITDB ruby WORKING POC
ProSysInfo TFTP Server TFTPDWIN <0.4.2 - Buffer Overflow
Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2008-1610 EXPLOITDB ruby WORKING POC
TallSoft Quick TFTP Server Pro 2.1 - Buffer Overflow
Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a read or write request.
CVE-2002-1359 EXPLOITDB ruby WORKING POC
Cisco IOS - Denial of Service via Large SSH Packet Handling
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
CVE-2012-2329 EXPLOITDB ruby WORKING POC
PHP 5.4.x < 5.4.3 - Buffer Overflow via HTTP Request Header
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
CVE-2009-3693 EXPLOITDB ruby WORKING POC
Persits XUpload - Path Traversal via MakeHttpRequest Method
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.
CVE-2007-4370 EXPLOITDB ruby WORKING POC
Racer 0.5.3 beta 5 - Buffer Overflow
Multiple buffer overflows in the (1) client and (2) server in Racer 0.5.3 beta 5 allow remote attackers to execute arbitrary code via a long string to UDP port 26000.
CVE-2005-0455 EXPLOITDB ruby WORKING POC
RealNetworks RealPlayer <6.0.12.1056 - Buffer Overflow
Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.
CVE-2020-13166 EXPLOITDB CRITICAL ruby WORKING POC
MyLittleAdmin 3.8 - Unauthenticated Remote Code Execution via Hardcoded MachineKey
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.
CVSS 9.8
CVE-2012-5691 EXPLOITDB ruby WORKING POC
RealNetworks RealPlayer <16.0.0.282-1.1.5 - RCE
Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file.
CVE-2008-1309 EXPLOITDB ruby WORKING POC
RealPlayer - Remote Code Execution via RealAudioObjects.RealAudio ActiveX Control
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.
CVE-2008-5664 EXPLOITDB ruby WORKING POC
Realtek Media Player <1.15.0.0 - Buffer Overflow
Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.
CVE-2011-4044 EXPLOITDB ruby WORKING POC
ARC Informatique PcVue 6.0-10.0 FrontVue and PlantVue - Arbitrary File Write via SVUIGrd.ocx ActiveX Control
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.