Metasploit

1,875 exploits Active since Aug 1990
EIP-2026-114690 EXPLOITDB ruby WORKING POC
Metasploit Framework - 'msfd' Remote Code Execution (Metasploit)
EIP-2026-114674 EXPLOITDB ruby WORKING POC
Werkzeug - Debug Shell Command Execution (Metasploit)
EIP-2026-114672 EXPLOITDB ruby WORKING POC
Mercurial - Custom hg-ssh Wrapper Remote Code Exec (Metasploit)
CVE-2017-1000117 EXPLOITDB HIGH ruby WORKING POC
Malicious Git HTTP Server For CVE-2017-1000117
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
CVSS 8.8
EIP-2026-114669 EXPLOITDB ruby WORKING POC
Docker Daemon - Unprotected TCP Socket (Metasploit)
EIP-2026-114665 EXPLOITDB ruby WORKING POC
Centreon 2.5.3 - Web Useralias Command Execution (Metasploit)
CVE-2014-9308 EXPLOITDB ruby WORKING POC
WP EasyCart < 3.0.8 - Authenticated Arbitrary File Upload via Banner Upload Script
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in products/banners/.
CVE-2005-1921 EXPLOITDB ruby WORKING POC
PEAR XML_RPC < 1.3.0 and PHPXMLRPC < 1.1 - Remote Code Execution via Unsanitized XML Input
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
EIP-2026-113766 EXPLOITDB ruby WORKING POC
WordPress Plugin Foxypress - 'Uploadify.php' Arbitrary Code Execution (Metasploit)
CVE-2011-4449 EXPLOITDB ruby WORKING POC
WikkaWiki 1.3.1 and 1.3.2 - Arbitrary PHP Code Execution via File Upload with Multiple Extensions
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
EIP-2026-113767 EXPLOITDB ruby WORKING POC
WordPress Plugin Foxypress - 'Uploadify.php' Arbitrary Code Execution (Metasploit)
CVE-2005-2612 EXPLOITDB ruby WORKING POC
WordPress <1.5.1.3 - Code Injection
Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.
EIP-2026-113831 EXPLOITDB ruby WORKING POC
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)
CVE-2012-4915 EXPLOITDB ruby WORKING POC
Google Doc Embedder <2.5.4 - Path Traversal
Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php.
CVE-2005-0511 EXPLOITDB ruby WORKING POC
vBulletin <= 3.0.6 - Remote Code Execution via Template Parameter
misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.
CVE-2015-7808 EXPLOITDB ruby WORKING POC
vBulletin 5 Connect <5.1.9 - Code Injection
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments.
CVE-2005-2877 EXPLOITDB ruby WORKING POC
TWiki 02-Sep-2004 and earlier - Remote Code Execution via Rev Parameter Shell Metacharacter Injection
The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.
CVE-2012-3996 EXPLOITDB ruby WORKING POC
TikiWiki CMS/Groupware < 8.2 - Exposure of Sensitive Information via Direct Request
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
CVE-2006-4602 EXPLOITDB ruby WORKING POC
TikiWiki < 1.9.4 - Unauthenticated Arbitrary File Upload via jhot.php
Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
CVE-2007-5423 EXPLOITDB ruby WORKING POC
TikiWiki 1.9.8 - Remote Code Execution via tiki-graph_formula.php f Parameter
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.
CVE-2004-1037 EXPLOITDB ruby WORKING POC
TWiki 20030201 - Remote Code Execution via Search Function Shell Metacharacters
The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.
CVE-2005-2733 EXPLOITDB ruby WORKING POC
Simple PHP Blog - Remote Code Execution via Unrestricted File Upload
upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code.
CVE-2012-0299 EXPLOITDB ruby WORKING POC
Symantec Web Gateway 5.0.x - Remote Code Execution via File Management Scripts
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.
CVE-2012-0297 EXPLOITDB ruby WORKING POC
Symantec Web Gateway < 5.0.3 - Remote Code Execution via Management GUI Script Access
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
CVE-2011-3833 EXPLOITDB ruby WORKING POC
Support Incident Tracker Remote Command Execution
Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in an unspecified directory.