Metasploit

1,875 exploits Active since Aug 1990
CVE-2012-0694 EXPLOITDB CRITICAL ruby WORKING POC
SugarCRM CE <= 6.3.1 - Code Injection
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
CVSS 9.8
CVE-2000-0322 EXPLOITDB ruby WORKING POC
Red Hat Piranha - Command Injection
The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.
EIP-2026-111611 EXPLOITDB ruby WORKING POC
qdPM 7.0 - Arbitrary '.PHP' File Upload (Metasploit)
CVE-2011-4453 EXPLOITDB ruby WORKING POC
PmWiki 2.x < 2.2.35 - Remote Code Execution via PageListSort Order Parameter
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
CVE-2009-1151 EXPLOITDB CRITICAL ruby WORKING POC
phpMyAdmin 2.11.0-2.11.9.4 and 3.x < 3.1.3.1 - Remote Code Injection via Setup Configuration Save
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
CVSS 9.8
CVE-2012-5159 EXPLOITDB ruby WORKING POC
phpMyAdmin 3.5.2.2 - Remote Code Execution via Trojaned server_sync.php
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.
CVE-2008-6132 EXPLOITDB ruby WORKING POC
phpScheduleIt <1.2.10 - Code Injection
Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.
CVE-2005-2086 EXPLOITDB ruby WORKING POC
phpBB <= 2.0.15 - Remote File Inclusion in viewtopic.php
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.
CVE-2011-4075 EXPLOITDB ruby WORKING POC
phpLDAPadmin < 1.2.2 - Remote Code Execution via Orderby Parameter
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
CVE-2006-1551 EXPLOITDB ruby WORKING POC
PAJAX 0.5.1 - Remote Code Execution via pajax_call_dispatcher.php Method and Args Parameters
Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters.
CVE-2010-0904 EXPLOITDB ruby WORKING POC
Oracle Secure Backup 10.3.0.1 - Info Disclosure
Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect integrity via unknown vectors.
CVE-2008-2905 EXPLOITDB ruby WORKING POC
Mambo < 4.6.4 - Remote Code Execution via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in includes/Cache/Lite/Output.php in the Cache_Lite package in Mambo 4.6.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2011-4825 EXPLOITDB ruby WORKING POC
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
EIP-2026-108917 EXPLOITDB ruby WORKING POC
Joomla! Plugin tinybrowser 1.5.12 - Arbitrary File Upload / Code Execution (Metasploit)
CVE-2017-8917 EXPLOITDB CRITICAL ruby WORKING POC
Joomla! 3.7.x - SQL Injection
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 9.8
CVE-2008-6825 EXPLOITDB ruby WORKING POC
trixbox < 2.6.1 - Remote File Inclusion via langChoice Parameter
Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.
CVE-2012-4869 EXPLOITDB ruby WORKING POC
FreePBX < 2.10 - Remote Code Execution via callmenum Parameter
The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
CVE-2011-4542 EXPLOITDB ruby WORKING POC
Hastymail2 2.1.1 - Remote Code Execution via rs or rsargs[] Parameter
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.
CVE-2011-5130 EXPLOITDB ruby WORKING POC
Family Connections CMS 2.5.0-2.7.1 - Remote Code Execution via dev/less.php argv[1] Parameter
dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.
CVE-2008-0506 EXPLOITDB ruby WORKING POC
Coppermine Photo Gallery < 1.4.14 - Remote Code Execution via ImageMagick Picture Processing Parameters
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
EIP-2026-105928 EXPLOITDB ruby WORKING POC
ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit)
EIP-2026-105929 EXPLOITDB ruby WORKING POC
ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit)
CVE-2010-4335 EXPLOITDB ruby WORKING POC
CakePHP 1.2.8-1.3.5 - Remote Code Execution via Unserialize in Security Component
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.
CVE-2012-3399 EXPLOITDB ruby WORKING POC
Basilic 1.5.14 - Remote Command Execution via Config/diff.php File Parameter
Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.
CVE-2012-1153 EXPLOITDB ruby WORKING POC
appRain CMF <= 0.1.5 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.