Metasploit

1,875 exploits Active since Aug 1990
CVE-2008-0492 EXPLOITDB ruby WORKING POC
Persits XUpload 3.0.0.4 - Stack-based Buffer Overflow via AddFile Method
Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. NOTE: some of these details are obtained from third party information.
CVE-2009-3693 EXPLOITDB ruby WORKING POC
Persits XUpload - Path Traversal via MakeHttpRequest Method
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.
EIP-2026-118974 EXPLOITDB ruby WORKING POC
Novell ZENworks Configuration Management Preboot Service 0x06 - Remote Buffer Overflow (Metasploit)
EIP-2026-118975 EXPLOITDB ruby WORKING POC
Novell ZENworks Configuration Management Preboot Service 0x21 - Remote Buffer Overflow (Metasploit)
CVE-2012-2329 EXPLOITDB ruby WORKING POC
PHP 5.4.x < 5.4.3 - Buffer Overflow via HTTP Request Header
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
CVE-2010-0886 EXPLOITDB ruby WORKING POC
Oracle Java SE/JDK/JRE <6.20 - Info Disclosure
Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2004-0330 EXPLOITDB ruby WORKING POC
Serv-U File Server < 5.0.0.0 - Authenticated Buffer Overflow via MDTM Command
Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.
CVE-2014-4872 EXPLOITDB ruby WORKING POC
BMC Track-It! 11.3.0.355 - Unauthenticated Remote Code Execution via .NET Remoting
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.
CVE-2020-13166 EXPLOITDB CRITICAL ruby WORKING POC
MyLittleAdmin 3.8 - Unauthenticated Remote Code Execution via Hardcoded MachineKey
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.
CVSS 9.8
CVE-2011-0073 EXPLOITDB ruby WORKING POC
Mozilla Firefox <3.5.19 & <3.6.17, SeaMonkey <2.0.14 - RCE
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
CVE-2006-2926 EXPLOITDB ruby WORKING POC
Qbik WinGate 6.1.1.1077 - Buffer Overflow
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.
CVE-2005-0684 EXPLOITDB ruby WORKING POC
MySQL MaxDB < 7.5.00.26 - Remote Code Execution via WebDAV Lock-Token Header
Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
EIP-2026-118763 EXPLOITDB ruby WORKING POC
McAfee Remediation Client - ActiveX Control Buffer Overflow (Metasploit)
EIP-2026-118764 EXPLOITDB ruby WORKING POC
McAfee SaaS MyCioScan ShowReport - Remote Command Execution (Metasploit)
CVE-2006-4305 EXPLOITDB ruby WORKING POC
MaxDB < 7.6.00.30 - Remote Code Execution via Long Database Name
Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.
EIP-2026-118757 EXPLOITDB ruby WORKING POC
ManageEngine Applications Manager - (Authenticated) Code Execution (Metasploit)
CVE-2014-5005 EXPLOITDB ruby WORKING POC
ManageEngine Desktop Central < 9.0 - Remote Code Execution via File Upload Path Traversal
Directory traversal vulnerability in ZOHO ManageEngine Desktop Central (DC) before 9 build 90055 allows remote attackers to execute arbitrary code via a .. (dot dot) in the fileName parameter in an LFU action to statusUpdate.
CVE-2006-3961 EXPLOITDB ruby WORKING POC
McAfee Security Center 6.0.23 - Buffer Overflow via mcsubmgr.dll Long String Parameters
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.
CVE-2015-7387 EXPLOITDB ruby WORKING POC
ManageEngine EventLog Analyzer < 10.6 - SQL Injection via event/runQuery.do Query Parameter
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200.
CVE-2005-1348 EXPLOITDB ruby WORKING POC
MailEnable Enterprise < 1.04 and Professional < 1.54 - Remote Code Execution via HTTP Authorization Header
Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header.
CVE-2005-3155 EXPLOITDB ruby WORKING POC
MailEnable Enterprise 1.1 and Professional 1.6 - Buffer Overflow in W3C Logging
Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and Professional 1.6 allows remote attackers to execute arbitrary code.
CVE-2005-2278 EXPLOITDB ruby WORKING POC
MailEnable Professional 1.54 - Authenticated Stack-Based Buffer Overflow via IMAP Status Command
Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
CVE-2007-5660 EXPLOITDB ruby WORKING POC
MacroVision FLEXnet Connect and InstallShield 2008 - Remote Code Execution via Update Service ActiveX Control
Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.
CVE-2005-4145 EXPLOITDB ruby WORKING POC
Lyris ListManager <8.9b - Info Disclosure
The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID), which allows remote attackers to gain access via a brute force attack.
CVE-2007-5660 EXPLOITDB ruby WORKING POC
MacroVision FLEXnet Connect and InstallShield 2008 - Remote Code Execution via Update Service ActiveX Control
Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.