Metasploit

1,875 exploits, active since Aug 1990
CVE-2013-0008 EXPLOITDB ruby WORKING POC
Microsoft Windows Vista - Access Control
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
EIP-2026-117530 EXPLOITDB ruby WORKING POC
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
EIP-2026-117529 EXPLOITDB ruby WORKING POC
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
EIP-2026-117528 EXPLOITDB ruby WORKING POC
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
EIP-2026-117527 EXPLOITDB ruby WORKING POC
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
EIP-2026-117526 EXPLOITDB ruby WORKING POC
Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit)
EIP-2026-117525 EXPLOITDB ruby WORKING POC
Microsoft Windows - Escalate UAC Protection Bypass (Via COM Handler Hijack) (Metasploit)
EIP-2026-117524 EXPLOITDB ruby WORKING POC
Microsoft Windows - Escalate UAC Protection Bypass (Metasploit)
EIP-2026-117523 EXPLOITDB ruby WORKING POC
Microsoft Windows - Escalate UAC Execute RunAs (Metasploit)
EIP-2026-117522 EXPLOITDB ruby WORKING POC
Microsoft Windows - Escalate Service Permissions Privilege Escalation (Metasploit)
CVE-2010-3970 EXPLOITDB ruby WORKING POC
Microsoft Windows Server 2003 - Memory Corruption
Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
EIP-2026-117521 EXPLOITDB ruby WORKING POC
Microsoft Windows - Contact File Format Arbitrary Code Execution (Metasploit)
EIP-2026-117520 EXPLOITDB ruby WORKING POC
Microsoft Windows - Contact File Format Arbitrary Code Execution (Metasploit)
CVE-2015-1701 EXPLOITDB HIGH ruby WORKING POC
Microsoft Win32k - Privilege Escalation
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
CVSS 7.8
EIP-2026-117519 EXPLOITDB ruby WORKING POC
Microsoft Windows - AlwaysInstallElevated MSI (Metasploit)
CVE-2013-5065 EXPLOITDB HIGH ruby WORKING POC
Microsoft Windows XP/Server 2003 - Privilege Escalation
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.
CVSS 7.8
CVE-2013-3661 EXPLOITDB ruby WORKING POC
Microsoft Windows 7 - Path Traversal
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
CVE-2011-2005 EXPLOITDB HIGH ruby WORKING POC
Microsoft Windows XP/Server 2003 - Privilege Escalation
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
CVSS 7.8
CVE-2007-4776 EXPLOITDB ruby WORKING POC
Microsoft Visual Basic - Memory Corruption
Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. NOTE: there are limited usage scenarios under which this would be a vulnerability.
CVE-2010-1681 EXPLOITDB ruby WORKING POC
Microsoft Visio - Memory Corruption
Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office Visio allows user-assisted remote attackers to execute arbitrary code via a crafted DXF file, a different vulnerability than CVE-2010-0254 and CVE-2010-0256.
CVE-2019-1405 EXPLOITDB HIGH ruby WORKING POC
Microsoft Windows 10 1507 - Improper Privilege Management
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
CVSS 7.8
CVE-2013-0074 EXPLOITDB HIGH ruby WORKING POC
Microsoft Silverlight <5.1.20125.0 - RCE
Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."
CVSS 7.8
CVE-2015-0016 EXPLOITDB HIGH ruby WORKING POC
Microsoft Windows 7 - Path Traversal
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."
CVSS 7.8
CVE-2013-5045 EXPLOITDB ruby WORKING POC
Microsoft Internet Explorer 10-11 - Privilege Escalation
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."
CVE-2010-0033 EXPLOITDB ruby WORKING POC
Microsoft PowerPoint - Memory Corruption
Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."