Metasploit

1,875 exploits Active since Aug 1990
CVE-2013-4798 EXPLOITDB ruby WORKING POC
HP LoadRunner <11.52 - RCE
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.
CVE-2013-2367 EXPLOITDB ruby WORKING POC
HP SiteScope <11.21 - RCE
Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678.
CVE-2010-1549 EXPLOITDB ruby WORKING POC
HP LoadRunner <9.50 - RCE
Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2007-2139 EXPLOITDB ruby WORKING POC
Broadcom Brightstor Arcserve Backup - Buffer Overflow
Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.
CVE-2005-3190 EXPLOITDB ruby WORKING POC
Computer Associates iGateway <4.0.050623 - RCE
Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.
CVE-2011-0267 EXPLOITDB ruby WORKING POC
HP Openview Network Node Manager - Memory Corruption
Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266.
CVE-2011-2404 EXPLOITDB ruby WORKING POC
HP Easy Printer Care Software < 2.5 - Code Injection
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787.
CVE-2017-12557 EXPLOITDB CRITICAL ruby WORKING POC
HP Intelligent Management Center < 7.3 - Insecure Deserialization
A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.
CVSS 9.8
CVE-2012-5201 EXPLOITDB ruby WORKING POC
HP iMC <5.2 E0401 - RCE
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1611.
CVE-2011-4786 EXPLOITDB ruby WORKING POC
HP Easy Printer Care Software < 2.5 - Code Injection
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.
CVE-2011-0923 EXPLOITDB ruby WORKING POC
HP Data Protector - Improper Input Validation
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
CVE-2014-2623 EXPLOITDB ruby WORKING POC
HP Storage Data Protector <8 - RCE
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2013-4822 EXPLOITDB ruby WORKING POC
HP iMC/BIMS - RCE
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.
CVE-2011-4789 EXPLOITDB ruby WORKING POC
HP Diagnostics - Memory Corruption
Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product is HP Diagnostics Server, but HP states that "the vulnerable product is actually HP LoadRunner."
CVE-2013-2347 EXPLOITDB ruby WORKING POC
HP Storage Data Protector - Denial of Service
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.
CVE-2013-2333 EXPLOITDB ruby WORKING POC
HP Storage Data Protector <7.01 - RCE
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680.
CVE-2012-0124 EXPLOITDB ruby WORKING POC
HP Data Protector Express - Denial of Service
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.
CVE-2013-6194 EXPLOITDB ruby WORKING POC
HP Storage Data Protector - Denial of Service
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.
EIP-2026-118646 EXPLOITDB ruby WORKING POC
HP Intelligent Management Center UAM - Remote Buffer Overflow (Metasploit)
CVE-2011-1865 EXPLOITDB ruby WORKING POC
HP OpenView Storage Data Protector <6.20 - Buffer Overflow
Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.
EIP-2026-118644 EXPLOITDB ruby WORKING POC
HP Application Lifecycle Management - 'XGO.ocx' ActiveX 'SetShapeNodeType()' Remote Code Execution (Metasploit)
CVE-2010-3007 EXPLOITDB ruby WORKING POC
HP Data Protector <4.0 - Privilege Escalation/DoS
Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.
CVE-2009-2685 EXPLOITDB ruby WORKING POC
HP Power Manager - Buffer Overflow
Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
CVE-2013-0108 EXPLOITDB ruby WORKING POC
Honeywell Enterprise Buildings Integrator - Code Injection
An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document.
EIP-2026-118642 EXPLOITDB ruby WORKING POC
Honeywell Tema Remote Installer - ActiveX Remote Code Execution (Metasploit)