Metasploit

1,875 exploits Active since Aug 1990
EIP-2026-104777 EXPLOITDB ruby WORKING POC
STUNSHELL (Web Shell) - PHP Remote Code Execution (Metasploit)
EIP-2026-104776 EXPLOITDB ruby WORKING POC
STUNSHELL (Web Shell) - PHP Remote Code Execution (Metasploit)
EIP-2026-104775 EXPLOITDB ruby WORKING POC
SPIP - 'connect' PHP Injection (Metasploit)
CVE-2017-18357 EXPLOITDB MEDIUM ruby WORKING POC
Shopware < 5.3.4 - PHP Object Instantiation and XXE via ProductStream Controller
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.
CVSS 6.5
EIP-2026-104770 EXPLOITDB ruby WORKING POC
Sflog! CMS 1.0 - Arbitrary File Upload (Metasploit)
CVE-2008-5191 EXPLOITDB ruby WORKING POC
SePortal 2.4 - SQL Injection via poll_id or sp_id Parameter
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.
CVE-2014-8686 EXPLOITDB CRITICAL ruby WORKING POC
CodeIgniter <2.2.0 - Info Disclosure
CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.
CVSS 9.8
CVE-2014-9567 EXPLOITDB ruby WORKING POC
ProjectSend r100-r561 - Unauthenticated Arbitrary File Upload and Remote Code Execution via process-upload.php
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
CVE-2013-0803 EXPLOITDB CRITICAL ruby WORKING POC
PolarBear CMS 2.5 - Unauthenticated Arbitrary File Upload via upload.php
A PHP File Upload Vulnerability exists in PolarBear CMS 2.5 via upload.php, which could let a malicious user execute arbitrary code.
CVSS 9.8
CVE-2017-9080 EXPLOITDB HIGH ruby WORKING POC
PlaySMS 1.4 - Remote Code Execution
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
CVSS 8.8
CVE-2020-8644 EXPLOITDB CRITICAL ruby WORKING POC
playsms < 1.4.3 - Unauthenticated Remote Code Execution via Template Injection
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
CVSS 9.8
CVE-2017-9101 EXPLOITDB CRITICAL ruby WORKING POC
PlaySMS 1.4 - Remote Code Execution
import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file.
CVSS 9.8
EIP-2026-104765 EXPLOITDB ruby WORKING POC
Piwik 2.14.0/2.16.0/2.17.1/3.0.1 - Superuser Plugin Upload (Metasploit)
EIP-2026-104764 EXPLOITDB ruby WORKING POC
PineApp Mail-SeCure - 'test_li_connection.php' Arbitrary Command Execution (Metasploit)
EIP-2026-104763 EXPLOITDB ruby WORKING POC
PineApp Mail-SeCure - 'ldapsyncnow.php' Arbitrary Command Execution (Metasploit)
CVE-2019-10867 EXPLOITDB HIGH ruby WORKING POC
pimcore < 5.7.1 - Authenticated Remote Code Execution via Unserialize in Bulk-Commit Endpoint
An issue was discovered in Pimcore before 5.7.1. An attacker with classes permission can send a POST request to /admin/class/bulk-commit, which will make it possible to exploit the unserialize function when passing untrusted values in the data parameter to bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php.
CVSS 8.8
CVE-2012-6554 EXPLOITDB ruby WORKING POC
activeCollab Chat Module < 1.5.2 - Authenticated Remote Code Execution via Message Text Parameter
functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.
CVE-2003-0201 EXPLOITDB ruby WORKING POC
Samba < 2.2.8a and 2.0.10 - Remote Code Execution via call_trans2open Buffer Overflow
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
CVE-2004-0695 EXPLOITDB ruby WORKING POC
4D WebSTAR <5.3.2 - Buffer Overflow
Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 and earlier allows remote attackers to execute arbitrary code via a long FTP command.
CVE-2010-2309 EXPLOITDB ruby WORKING POC
EvoLogical EvoCam 3.6.6-3.6.7 - Remote Code Execution via Long GET Request
Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request.
CVE-2007-2446 EXPLOITDB ruby WORKING POC
Samba 3.0.0-3.0.25rc3 - Buffer Overflow
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
CVE-2011-0065 EXPLOITDB ruby WORKING POC
Mozilla Firefox <3.5.19 & SeaMonkey <2.0.14 - Use After Free
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.
EIP-2026-104618 EXPLOITDB ruby WORKING POC
mDNSResponder 10.4.0/10.4.8 (OSX) - UPnP Location Overflow (Metasploit)
CVE-2005-0491 EXPLOITDB ruby WORKING POC
Knox Arkeia Server Backup 5.3.x - Remote Code Execution via Type 77 Request
Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request.
CVE-2004-0430 EXPLOITDB ruby WORKING POC
AppleFileServer <10.3.3 - Buffer Overflow
Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.