Metasploit

1,875 exploits Active since Aug 1990
CVE-2014-8517 EXPLOITDB ruby WORKING POC
macOS X - Remote Command Execution via HTTP Redirect Pipe Character
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
CVE-2013-6955 EXPLOITDB ruby WORKING POC
Synology DiskStation Manager - Arbitrary File Write via SLICEUPLOAD X-TMP-FILE Header
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.
CVE-2014-2850 EXPLOITDB ruby WORKING POC
Sophos Web Appliance Firmware < 3.8.2 - Authenticated OS Command Injection via Network Interface Address Parameter
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address parameter.
EIP-2026-114805 EXPLOITDB ruby WORKING POC
SixApart MovableType - Storable Perl Code Execution (Metasploit)
CVE-2019-6814 EXPLOITDB CRITICAL ruby WORKING POC
NET55XX Encoder Firmware < 2.1.9.7 - Improper Authentication
A CWE-287: Improper Authentication vulnerability exists in the NET55XX Encoder with firmware prior to version 2.1.9.7 which could cause impact to confidentiality, integrity, and availability when a remote attacker crafts a malicious request to the encoder webUI.
CVSS 9.8
CVE-2007-2447 EXPLOITDB ruby WORKING POC
Samba 3.0.0-3.0.25rc3 - Command Injection
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
CVE-2018-11138 EXPLOITDB CRITICAL ruby WORKING POC
Quest KACE System Management Appliance 8.0.318 - Unauthenticated OS Command Injection via download_agent_installer.php
The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system.
CVSS 9.8
EIP-2026-114804 EXPLOITDB ruby WORKING POC
Quantum vmPRO - Backdoor Command (Metasploit)
EIP-2026-114802 EXPLOITDB ruby WORKING POC
QNX QCONN - Remote Command Execution (Metasploit)
CVE-2012-5965 EXPLOITDB ruby WORKING POC
portable SDK for UPnP Devices 1.3.1 - Stack-based Buffer Overflow in SSDP DeviceType Field
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.
EIP-2026-114801 EXPLOITDB ruby WORKING POC
Polycom Shell HDX Series - Traceroute Command Execution (Metasploit)
EIP-2026-114799 EXPLOITDB ruby WORKING POC
PineApp Mail-SeCure - 'livelog.html' Arbitrary Command Execution (Metasploit)
EIP-2026-114798 EXPLOITDB ruby WORKING POC
pfSense - (Authenticated) Group Member Remote Command Execution (Metasploit)
CVE-2017-15944 EXPLOITDB CRITICAL ruby WORKING POC
Palo Alto Network PAN-OS - Remote Code Execution
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
CVSS 9.8
EIP-2026-114793 EXPLOITDB ruby WORKING POC
Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
EIP-2026-114792 EXPLOITDB ruby WORKING POC
Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
CVE-2018-1612 EXPLOITDB MEDIUM ruby WORKING POC
IBM QRadar SIEM 7.2-7.3 - Unauthenticated Exposure of Sensitive Information
IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. IBM X-Force ID: 144164.
CVSS 5.8
CVE-2013-4835 EXPLOITDB ruby WORKING POC
HP SiteScope 10.1x and 11.x < 11.22 - Unauthenticated Remote Code Execution via APISiteScopeImpl issueSiebelCmd Method
The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x before 11.22 allows remote attackers to bypass authentication and execute arbitrary code via a direct request to the issueSiebelCmd method, aka ZDI-CAN-1765.
CVE-2017-2741 EXPLOITDB CRITICAL ruby WORKING POC
HP PageWide/OfficeJet Pro <1708D - RCE
A potential security vulnerability has been identified with HP PageWide Printers, HP OfficeJet Pro Printers, with firmware before 1708D. This vulnerability could potentially be exploited to execute arbitrary code.
CVSS 9.8
CVE-2013-5093 EXPLOITDB ruby WORKING POC
Graphite 0.9.5-0.9.10 - Remote Code Execution via Unsafe Pickle Deserialization
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
CVE-2015-2845 EXPLOITDB ruby WORKING POC
GoAutoDial GoAdmin CE - OS Command Injection via cpanel PATH_INFO
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
EIP-2026-114786 EXPLOITDB ruby WORKING POC
GestioIP - Remote Command Execution (Metasploit)
CVE-2014-1903 EXPLOITDB ruby WORKING POC
FreePBX <2.9.0.14, <2.10.1.15, <2.11.0.23, <12.0.1alpha22 - RCE
admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
CVE-2012-6330 EXPLOITDB ruby WORKING POC
Foswiki MAKETEXT Remote Command Execution
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
CVE-2014-2928 EXPLOITDB ruby WORKING POC
F5 BIG-IP - Remote Code Execution via iControl API Hostname Element
The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.