Metasploit

1,875 exploits Active since Aug 1990
EIP-2026-118621 EXPLOITDB ruby WORKING POC
Green Dam - URL Processing Buffer Overflow (Metasploit)
CVE-2013-2347 EXPLOITDB ruby WORKING POC
HP Storage Data Protector 6.2X - Remote Code Execution via Crafted EXEC_BAR Packet
The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885.
CVE-2013-4837 EXPLOITDB ruby WORKING POC
HP LoadRunner < 11.52 - Remote Code Execution in Virtual User Generator
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
CVE-2018-10594 EXPLOITDB CRITICAL ruby WORKING POC
Delta Industrial Automation COMMGR <1.08 - Buffer Overflow
Delta Industrial Automation COMMGR from Delta Electronics versions 1.08 and prior with accompanying PLC Simulators (DVPSimulator EH2, EH3, ES2, SE, SS2 and AHSIM_5x0, AHSIM_5x1) utilize a fixed-length stack buffer where an unverified length value can be read from the network packets via a specific network port, causing the buffer to be overwritten. This may allow remote code execution, cause the application to crash, or result in a denial-of-service condition in the application server.
CVSS 9.8
CVE-2012-4914 EXPLOITDB ruby WORKING POC
CoolPDF 3.0.2.256 - Buffer Overflow
Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream.
CVE-2008-0955 EXPLOITDB ruby WORKING POC
Creative Software AutoUpdate Engine - Stack-based Buffer Overflow via CacheFolder Property
Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value.
CVE-2005-0581 EXPLOITDB ruby WORKING POC
CA License Client and Server 0.1.0.15 - Multiple Buffer Overflow via GCR Request and GETCONFIG Packet
Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format.
CVE-2010-2590 EXPLOITDB ruby WORKING POC
SAP Crystal Reports 2008 SP3 Fix Pack 3.2 - Remote Code Execution via Long ServerResourceVersion Property
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.
CVE-2007-4620 EXPLOITDB ruby WORKING POC
CA Alert Notification Service <8.1.586.0 - Remote Code Execution
Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.
CVE-2008-4397 EXPLOITDB ruby WORKING POC
CA ARCserve Backup r11.1-r12.0 - Remote Command Execution via RPC Interface
Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.
CVE-2007-1435 EXPLOITDB ruby WORKING POC
D-Link TFTP Server 1.0 - Denial of Service via Long GET or PUT Request
Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-0581 EXPLOITDB ruby WORKING POC
CA License Client and Server 0.1.0.15 - Multiple Buffer Overflow via GCR Request and GETCONFIG Packet
Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format.
CVE-2014-3789 EXPLOITDB ruby WORKING POC
Cogent DataHub < 7.3.5 - Remote Code Execution via GetPermissions.asp
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
EIP-2026-118375 EXPLOITDB ruby WORKING POC
Cogent DataHub - HTTP Server Buffer Overflow (Metasploit)
CVE-2011-5007 EXPLOITDB ruby WORKING POC
3S CoDeSys < 3.4 - Remote Code Execution via Long URI to CmpWebServer
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.
EIP-2026-118378 EXPLOITDB ruby WORKING POC
CommuniCrypt Mail 1.16 - SMTP ActiveX Stack Buffer Overflow (Metasploit)
EIP-2026-118366 EXPLOITDB ruby WORKING POC
Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020006 Buffer Overflow (Metasploit)
EIP-2026-118379 EXPLOITDB ruby WORKING POC
Commvault Communications Service (cvd) - Command Injection (Metasploit)
CVE-2011-3492 EXPLOITDB ruby WORKING POC
Azeotech DAQFactory <5.85.1853 - Buffer Overflow
Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034.
CVE-2018-6892 EXPLOITDB CRITICAL ruby WORKING POC
CloudMe Sync < 1.10.9 - Unauthenticated Remote Buffer Overflow via Port 8888
An issue was discovered in CloudMe before 1.11.0. An unauthenticated remote attacker that can connect to the "CloudMe Sync" client application listening on port 8888 can send a malicious payload causing a buffer overflow condition. This will result in an attacker controlling the program's execution flow and allowing arbitrary code execution.
CVSS 9.8
CVE-2011-2882 EXPLOITDB ruby WORKING POC
Citrix Access Gateway Enterprise Edition 8.1-67.7 9.0-70.5 9.1-96.4 - Remote Code Execution via Crafted HTTP Header Data
Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.
EIP-2026-118362 EXPLOITDB ruby WORKING POC
Citrix Provisioning Services 5.6 - 'streamprocess.exe' Remote Buffer Overflow (Metasploit)
CVE-2008-2639 EXPLOITDB ruby WORKING POC
Citect CitectSCADA 6-7 and CitectFacilities 7 - Remote Code Execution via ODBC Server Service
Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222.
EIP-2026-118363 EXPLOITDB ruby WORKING POC
Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020000 Buffer Overflow (Metasploit)
EIP-2026-118359 EXPLOITDB ruby WORKING POC
Cisco Linksys PlayerPT - ActiveX Control Buffer Overflow (Metasploit)