Metasploit

1,875 exploits Active since Aug 1990
CVE-2009-0187 EXPLOITDB ruby WORKING POC
Orbit Downloader <2.8.5 - Buffer Overflow
Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message.
EIP-2026-119020 EXPLOITDB ruby WORKING POC
PCMan FTP Server - 'PUT' Buffer Overflow (Metasploit)
CVE-2011-4044 EXPLOITDB ruby WORKING POC
ARC Informatique PcVue 6.0-10.0 FrontVue and PlantVue - Arbitrary File Write via SVUIGrd.ocx ActiveX Control
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.
CVE-2018-2628 EXPLOITDB CRITICAL ruby WORKING POC
Oracle WebLogic Server <12.2.1.3 - RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS 9.8
CVE-2013-1559 EXPLOITDB ruby WORKING POC
Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 - Authenticated Denial of Service in Content Server
Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors related to Content Server.
CVE-2008-0492 EXPLOITDB ruby WORKING POC
Persits XUpload 3.0.0.4 - Stack-based Buffer Overflow via AddFile Method
Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. NOTE: some of these details are obtained from third party information.
CVE-2008-3257 EXPLOITDB ruby WORKING POC
Oracle WebLogic Server <10.3 - Buffer Overflow
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
CVE-2011-3322 EXPLOITDB ruby WORKING POC
Scadatec Procyon SCADA < 1.14 - Remote Code Execution via Long Telnet Password
Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/23) port, which triggers an out-of-bounds read or write, leading to a stack-based buffer overflow.
CVE-2012-3152 EXPLOITDB CRITICAL ruby WORKING POC
Oracle Reports Developer - Info Disclosure
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the URLPARAMETER functionality allows remote attackers to read and upload arbitrary files to reports/rwservlet, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3153 to execute arbitrary code by uploading a .jsp file.
CVSS 9.1
CVE-2012-5613 EXPLOITDB ruby WORKING POC
MySQL <5.5.19 & MariaDB <5.5.28a - Privilege Escalation
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
CVE-2012-5613 EXPLOITDB ruby WORKING POC
MySQL <5.5.19 & MariaDB <5.5.28a - Privilege Escalation
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
CVE-2014-2424 EXPLOITDB ruby WORKING POC
Oracle Fusion Middleware 11.1.1.7.0 - Privilege Escalation
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system.
CVE-2010-3600 EXPLOITDB ruby WORKING POC
Oracle Database Server <11.2.0.1 - Info Disclosure
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code.
CVE-2007-4607 EXPLOITDB ruby WORKING POC
Quiksoft EasyMail SMTP Object <6.0.1 - Buffer Overflow
Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61 and other products, allows remote attackers to execute arbitrary code via a long argument to the SubmitToExpress method, a different vulnerability than CVE-2007-1029. NOTE: this may have been fixed in version 6.0.3.15.
EIP-2026-119015 EXPLOITDB ruby WORKING POC
Oracle MySQL for Microsoft Windows - Payload Execution (Metasploit)
CVE-2013-3763 EXPLOITDB ruby WORKING POC
Oracle Endeca Server - Info Disclosure
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2013-3764.
CVE-2008-1724 EXPLOITDB ruby WORKING POC
SecureTransport Server <4.6.1 - Buffer Overflow
Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile parameter.
CVE-2005-2265 EXPLOITDB ruby WORKING POC
Firefox < 1.0.5 and Mozilla < 1.7.9 - Denial of Service via InstallVersion.compareTo
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
CVE-2012-0549 EXPLOITDB ruby WORKING POC
Oracle AutoVue Office <20.1.1 - Info Disclosure
Unspecified vulnerability in the Oracle AutoVue Office component in Oracle Supply Chain Products Suite 20.1.1 allows remote attackers to affect confidentiality, integrity, and availability, related to Desktop API.
CVE-2001-0499 EXPLOITDB ruby WORKING POC
Oracle8i < 8.1.7 - Remote Buffer Overflow via TNS Listener Commands
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.
CVE-2008-1117 EXPLOITDB ruby WORKING POC
Timbuktu Pro 8.6.5 - Path Traversal and Arbitrary File Write via Notes Feature
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.
CVE-2010-4741 EXPLOITDB ruby WORKING POC
Moxa Device Manager <2.3 - Buffer Overflow
Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool before 2.3 in Moxa Device Manager allows remote MDM Gateways to execute arbitrary code via crafted data in a session on TCP port 54321.
CVE-2013-1690 EXPLOITDB HIGH ruby WORKING POC
Firefox < 22.0 and Thunderbird < 17.0.7 - Remote Code Execution via onreadystatechange Event Handling
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
CVSS 8.8
CVE-2013-0753 EXPLOITDB ruby WORKING POC
Mozilla Firefox <18 - Use After Free
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.
CVE-2002-0965 EXPLOITDB ruby WORKING POC
Oracle 9i - Buffer Overflow via Long SERVICE_NAME Parameter
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.