Metasploit

1,875 exploits Active since Aug 1990
CVE-2008-3922 EXPLOITDB ruby WORKING POC
AWStats Totals <1.14 - RCE
awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.
CVE-2006-2685 EXPLOITDB ruby WORKING POC
Kevin Johnson Basic Analysis And Security Engine - Code Injection
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php.
CVE-2020-11108 EXPLOITDB HIGH ruby WORKING POC
Pi-Hole heisenbergCompensator Blocklist OS Command Execution
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
CVSS 8.8
EIP-2026-104762 EXPLOITDB ruby WORKING POC
PHPStudy - Backdoor Remote Code execution (Metasploit)
CVE-2018-12613 EXPLOITDB HIGH ruby WORKING POC
phpMyAdmin 4.8.x <4.8.2 - Code Injection
An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication).
CVSS 8.8
CVE-2013-3238 EXPLOITDB ruby WORKING POC
phpMyAdmin <3.5.8 and <4.0.0-rc3 - Authenticated RCE
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
EIP-2026-104761 EXPLOITDB ruby WORKING POC
phpFileManager 0.9.8 - Remote Code Execution (Metasploit)
CVE-2017-6090 EXPLOITDB HIGH ruby WORKING POC
Phpcollab < 2.5.1 - Unrestricted File Upload
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.
CVSS 8.8
CVE-2019-11043 EXPLOITDB HIGH ruby WORKING POC
Php < 7.1.33 - Out-of-Bounds Write
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
CVSS 8.7
EIP-2026-104759 EXPLOITDB ruby WORKING POC
PHP Utility Belt - Remote Code Execution (Metasploit)
EIP-2026-104757 EXPLOITDB ruby WORKING POC
PHP IRC Bot pbot - 'eval()' Remote Code Execution (Metasploit)
CVE-2012-2336 EXPLOITDB ruby WORKING POC
PHP <5.3.13 & <5.4.3 - DoS
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
EIP-2026-104751 EXPLOITDB ruby WORKING POC
Phoenix Exploit Kit - Remote Code Execution (Metasploit)
EIP-2026-104750 EXPLOITDB ruby WORKING POC
Phoenix Exploit Kit - Remote Code Execution (Metasploit)
EIP-2026-104749 EXPLOITDB ruby WORKING POC
pfSense 2.4.1 - Cross-Site Request Forgery Error Page Clickjacking (Metasploit)
CVE-2010-4279 EXPLOITDB ruby WORKING POC
Artica Pandora Fms < 3.1 - Authentication Bypass
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter.
CVE-2013-4211 EXPLOITDB CRITICAL ruby WORKING POC
Openx - Code Injection
A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to a backdoor in flowplayer-3.1.1.min.js library, which could let a remote malicious user execute arbitrary PHP code
CVSS 9.8
CVE-2009-4098 EXPLOITDB ruby WORKING POC
OpenX adserver <2.8.1 - RCE
Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.
CVE-2011-4275 EXPLOITDB ruby WORKING POC
iTop 1.1.181-1.2.0-RC-282 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
CVE-2011-4275 EXPLOITDB ruby WORKING POC
iTop 1.1.181-1.2.0-RC-282 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
CVE-2017-1000119 EXPLOITDB HIGH ruby WORKING POC
October CMS <build 412 - Code Injection
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.
CVSS 7.2
CVE-2018-14933 EXPLOITDB CRITICAL ruby WORKING POC
NUUO NVRmini - RCE
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
CVSS 9.8
CVE-2015-6967 EXPLOITDB ruby WORKING POC
Nibbleblog < 4.0.4 - Unrestricted File Upload
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php.
EIP-2026-104743 EXPLOITDB ruby WORKING POC
Network Shutdown Module 3.21 - 'sort_values' Remote PHP Code Injection (Metasploit)
CVE-2018-17553 EXPLOITDB HIGH ruby WORKING POC
Naviwebs Navigate CMS <2.8 - RCE
An "Unrestricted Upload of File with Dangerous Type" issue with directory traversal in navigate_upload.php in Naviwebs Navigate CMS 2.8 allows authenticated attackers to achieve remote code execution via a POST request with engine=picnik and id=../../../navigate_info.php.
CVSS 8.8