Metasploit

1,875 exploits Active since Aug 1990
CVE-2012-0694 EXPLOITDB CRITICAL ruby WORKING POC
SugarCRM CE <= 6.3.1 - Code Injection
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
CVSS 9.8
CVE-2000-0322 EXPLOITDB ruby WORKING POC
Red Hat Piranha - Command Injection
The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.
EIP-2026-111611 EXPLOITDB ruby WORKING POC
qdPM 7.0 - Arbitrary '.PHP' File Upload (Metasploit)
CVE-2011-4453 EXPLOITDB ruby WORKING POC
Pmwiki - Code Injection
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
CVE-2009-1151 EXPLOITDB CRITICAL ruby WORKING POC
Phpmyadmin < 2.11.9.5 - Code Injection
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
CVSS 9.8
CVE-2012-5159 EXPLOITDB ruby WORKING POC
phpMyAdmin <3.5.2.2 - RCE
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.
CVE-2008-6132 EXPLOITDB ruby WORKING POC
phpScheduleIt <1.2.10 - Code Injection
Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.
CVE-2005-2086 EXPLOITDB ruby WORKING POC
phpBB <2.0.15 - RCE
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.
CVE-2011-4075 EXPLOITDB ruby WORKING POC
phpLDAPadmin <1.2.2 - RCE
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
CVE-2006-1551 EXPLOITDB ruby WORKING POC
PAJAX <0.5.1 - Code Injection
Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters.
CVE-2010-0904 EXPLOITDB ruby WORKING POC
Oracle Secure Backup 10.3.0.1 - Info Disclosure
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integrity via unknown vectors.
CVE-2008-2905 EXPLOITDB ruby WORKING POC
Mambo - Code Injection
PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2011-4825 EXPLOITDB ruby WORKING POC
Phpletter Ajax File And Image Manager < 1.0 - Code Injection
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
EIP-2026-108917 EXPLOITDB ruby WORKING POC
Joomla! Plugin tinybrowser 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)
CVE-2017-8917 EXPLOITDB CRITICAL ruby WORKING POC
Joomla! <3.7.1 - SQL Injection
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 9.8
CVE-2008-6825 EXPLOITDB ruby WORKING POC
Trixbox < 2.6.1 - Path Traversal
Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.
CVE-2012-4869 EXPLOITDB ruby WORKING POC
FreePBX <2.10 - Command Injection
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
CVE-2011-4542 EXPLOITDB ruby WORKING POC
Hastymail2 - SQL Injection
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.
CVE-2011-5130 EXPLOITDB ruby WORKING POC
Haudenschilt Family Connections Cms - Code Injection
dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.
CVE-2008-0506 EXPLOITDB ruby WORKING POC
Coppermine Photo Gallery < 1.4.14 - Improper Input Validation
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
EIP-2026-105928 EXPLOITDB ruby WORKING POC
ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit)
EIP-2026-105929 EXPLOITDB ruby WORKING POC
ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit)
CVE-2010-4335 EXPLOITDB ruby WORKING POC
Cakefoundation Cakephp < 1.3.6 - Improper Input Validation
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.
CVE-2012-3399 EXPLOITDB ruby WORKING POC
Artis.imag Basilic - Improper Input Validation
Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.
CVE-2012-1153 EXPLOITDB ruby WORKING POC
Apprain < 0.1.5 - Unrestricted File Upload
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.