Metasploit

1,875 exploits Active since Aug 1990
CVE-2011-1774 EXPLOITDB ruby WORKING POC
Cross Platform Webkit File Dropper
WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.
CVE-2010-0103 EXPLOITDB ruby WORKING POC
Energizer DUO USB - Remote Code Execution via TCP Port 7777
UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777.
CVE-2007-5107 EXPLOITDB ruby WORKING POC
ask.com ask_toolbar < 4.0.2.53 - Stack-based Buffer Overflow via ShortFormat Property
Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll in IAC Search & Media ask.com Ask Toolbar 4.0.2.53 and earlier allows remote attackers to execute arbitrary code via a long ShortFormat property value. NOTE: some of these details are obtained from third party information. NOTE: the researcher claims that this is the same as CVE-2007-5108, but there is insufficient detail for CVE-2007-5108 to be certain.
CVE-2008-1491 EXPLOITDB ruby WORKING POC
ASUS Remote Console <2.0.0.19,2.0.0.24 - Buffer Overflow
Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623.
CVE-2012-4924 EXPLOITDB ruby WORKING POC
ASUS Net4Switch 1.0.0020 - Buffer Overflow
Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.
EIP-2026-118286 EXPLOITDB ruby WORKING POC
AtHocGov IWSAlerts - ActiveX Control Buffer Overflow (Metasploit)
EIP-2026-118288 EXPLOITDB ruby WORKING POC
Autodesk IDrop - ActiveX Control Heap Memory Corruption (Metasploit)
CVE-2012-3811 EXPLOITDB ruby WORKING POC
Avaya IP Office Customer Call Reporter 7.0-7.0.5.8 & 8.0-8.0.9.13 - RCE via Wallboard ImageUpload.ashx
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.
EIP-2026-118293 EXPLOITDB ruby WORKING POC
Avaya WinPMD UniteHostRouter - Remote Buffer Overflow (Metasploit)
CVE-2009-4588 EXPLOITDB ruby WORKING POC
WindsPlayerIE.View.1 - Buffer Overflow
Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta, 3.0.0.5, and earlier in AwingSoft Awakening Web3D Player and Winds3D Viewer allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long SceneUrl property value, a different vulnerability than CVE-2009-2386. NOTE: some of these details are obtained from third party information.
CVE-2009-4850 EXPLOITDB ruby WORKING POC
Awingsoft Awakening Winds3D Viewer Plugin 3.5.0.9 - Remote Code Execution via SceneURL Property
The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.
CVE-2017-15222 EXPLOITDB CRITICAL ruby WORKING POC
nftp < 2.0 - Remote Code Execution via Buffer Overflow
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
CVSS 9.8
CVE-2005-0595 EXPLOITDB ruby WORKING POC
BadBlue 2.55 - Remote Code Execution via Long mfcisapicommand Parameter
Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter.
CVE-2007-6377 EXPLOITDB ruby WORKING POC
BadBlue < 2.72b - Remote Code Execution via PassThru Query String Overflow
Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.
CVE-2005-1009 EXPLOITDB ruby WORKING POC
BakBone NetVault <7 - Buffer Overflow
Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) remote attackers to execute arbitrary code via a modified computer name and length that leads to a heap-based buffer overflow, or (2) local users to execute arbitrary code via a long Name entry in the configure.cfg file.
CVE-2009-1612 EXPLOITDB ruby WORKING POC
Baofeng Storm - Stack-based Buffer Overflow via OnBeforeVideoDownload Method
Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected.
CVE-2008-5457 EXPLOITDB ruby WORKING POC
BEA Product Suite - Info Disclosure
Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2008-4008 EXPLOITDB ruby WORKING POC
BEA Product Suite - Unspecified Vuln
Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
EIP-2026-118311 EXPLOITDB ruby WORKING POC
Belkin Bulldog Plus - Web Service Buffer Overflow (Metasploit)
CVE-2008-1914 EXPLOITDB ruby WORKING POC
BigAnt IM Server <2.2 - Buffer Overflow
Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080. NOTE: some of these details are obtained from third party information.
CVE-2008-1914 EXPLOITDB ruby WORKING POC
BigAnt IM Server <2.2 - Buffer Overflow
Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080. NOTE: some of these details are obtained from third party information.
EIP-2026-118318 EXPLOITDB ruby WORKING POC
BigAnt Server 2.52 - USV Buffer Overflow (Metasploit)
CVE-2012-6274 EXPLOITDB ruby WORKING POC
BigAntSoft BigAnt IM Message Server - Unauthenticated Arbitrary File Write via File Upload
BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.
CVE-2012-6275 EXPLOITDB ruby WORKING POC
BigAntSoft BigAnt IM Message Server - Stack-Based Buffer Overflow via SCH or DUPF Request
Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the userid component in a DUPF request.
CVE-2008-2683 EXPLOITDB ruby WORKING POC
Black Ice Barcode SDK - Arbitrary File Write via BIDIB.BIDIBCtrl.1 DownloadImageFileURL Method
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.