Metasploit

1,875 exploits Active since Aug 1990
CVE-2013-2010 EXPLOITDB CRITICAL ruby WORKING POC
W3 Total Cache < 0.9.2.8 - Remote PHP Code Execution
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
CVSS 9.8
CVE-2014-9735 EXPLOITDB ruby WORKING POC
ThemePunch Slider Revolution <3.0.96 & Showbiz Pro <1.7.1 - RCE
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.
EIP-2026-104792 EXPLOITDB ruby WORKING POC
WordPress Plugin Responsive Thumbnail Slider - Arbitrary File Upload (Metasploit)
CVE-2015-4133 EXPLOITDB ruby WORKING POC
reflex_gallery < 3.1.3 - Unauthenticated Arbitrary PHP File Upload via FileUploader
Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in uploads/ directory.
CVE-2016-10033 EXPLOITDB CRITICAL ruby WORKING POC
PHPMailer Sendmail Argument Injection
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
CVSS 9.8
EIP-2026-104790 EXPLOITDB ruby WORKING POC
WordPress Plugin N-Media Website Contact Form - Arbitrary File Upload (Metasploit)
CVE-2014-4725 EXPLOITDB ruby WORKING POC
MailPoet Newsletters <2.6.7 - Auth Bypass
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.
CVE-2014-6446 EXPLOITDB ruby WORKING POC
Infusionsoft Gravity Forms 1.5.3-1.5.10 - Unauthenticated Arbitrary File Upload and Remote Code Execution
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.
EIP-2026-104789 EXPLOITDB ruby WORKING POC
WordPress Plugin Database Backup < 5.2 - Remote Code Execution (Metasploit)
CVE-2014-8739 EXPLOITDB CRITICAL ruby WORKING POC
Creative Contact Form < 1.0.0 - Unauthenticated Arbitrary File Upload via jQuery File Upload Plugin
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.
CVSS 9.8
EIP-2026-104787 EXPLOITDB ruby WORKING POC
WordPress Plugin Ajax Load More 2.8.1.1 - PHP Upload (Metasploit)
CVE-2019-8943 EXPLOITDB MEDIUM ruby WORKING POC
WordPress <= 5.0.3 - Authenticated Path Traversal via Image Crop Filename
WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.
CVSS 6.5
CVE-2017-17560 EXPLOITDB CRITICAL ruby WORKING POC
Western Digital MyCloud PR4100 2.30.172 - Unauthenticated Arbitrary File Write and RCE via Multi Uploadify
An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary code execution as root.
CVSS 9.8
CVE-2013-3214 EXPLOITDB CRITICAL ruby WORKING POC
vtiger CRM < 5.4.0 - PHP Code Injection via vtigerolservice.php
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'.
CVSS 9.8
CVE-2013-3591 EXPLOITDB HIGH ruby WORKING POC
vtiger CRM 5.3 and 5.4 - Unrestricted Upload of File with Dangerous Type
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability
CVSS 8.8
CVE-2014-2268 EXPLOITDB ruby WORKING POC
vtiger CRM < Security Patch 2 - Unauthenticated Remote Code Execution via Install Module Re-Installation
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter.
CVE-2013-3522 EXPLOITDB ruby WORKING POC
vBulletin 5.0.0 Beta 11 and earlier - Authenticated SQL Injection via nodeid Parameter
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter.
CVE-2011-4828 EXPLOITDB ruby WORKING POC
AutoSec Tools V-CMS 1.0 - Remote Code Execution via Unrestricted File Upload in Inline Image Upload
Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/.
CVE-2014-7236 EXPLOITDB CRITICAL ruby WORKING POC
TWiki Debugenableplugins Remote Code Execution
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
CVSS 9.1
CVE-2017-7411 EXPLOITDB HIGH ruby WORKING POC
Tuleap < 9.6 - Remote Code Execution via User::getRecentElements() Unserialize
An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution).
CVSS 8.8
CVE-2014-8791 EXPLOITDB ruby WORKING POC
Tuleap < 7.7 - Authenticated PHP Object Injection via Project Registration Data Parameter
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via the data parameter.
EIP-2026-104782 EXPLOITDB ruby WORKING POC
Th3 MMA - 'mma.php' Backdoor Arbitrary File Upload (Metasploit)
EIP-2026-104781 EXPLOITDB ruby WORKING POC
TestLink 1.9.3 - Arbitrary File Upload (Metasploit)
EIP-2026-104779 EXPLOITDB ruby WORKING POC
STUNSHELL (Web Shell) - Remote Code Execution (Metasploit)
EIP-2026-104778 EXPLOITDB ruby WORKING POC
STUNSHELL (Web Shell) - Remote Code Execution (Metasploit)