Metasploit

1,875 exploits Active since Aug 1990
CVE-2015-7007 EXPLOITDB ruby WORKING POC
macOS < 10.11.1 - Unauthenticated AppleScript Execution Bypass
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.
CVE-2011-3230 EXPLOITDB ruby WORKING POC
Apple Safari - Remote Code Execution via File URL Policy Bypass
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
EIP-2026-104613 EXPLOITDB ruby WORKING POC
Apple QuickTime RTSP 10.4.0 < 10.5.0 (OSX) - Content-Type Overflow (Metasploit)
CVE-2007-6166 EXPLOITDB ruby WORKING POC
Apple QuickTime <7.3.1 - Buffer Overflow
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
CVE-2007-5863 EXPLOITDB ruby WORKING POC
Apple Mac OS X 10.5.1 - Command Injection
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
CVE-2010-2309 EXPLOITDB ruby WORKING POC
EvoLogical EvoCam 3.6.6-3.6.7 - Remote Code Execution via Long GET Request
Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request.
CVE-2007-2386 EXPLOITDB ruby WORKING POC
Apple Mac OS X <10.4.9 - Buffer Overflow
Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
CVE-2009-0950 EXPLOITDB ruby WORKING POC
Apple iTunes < 8.2 - Remote Code Execution via Long itms: URL Component
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
CVE-2016-4117 EXPLOITDB CRITICAL ruby WORKING POC
Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
CVSS 9.8
CVE-2013-7387 EXPLOITDB ruby WORKING POC
DataLife Engine <9.7 - Info Disclosure
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.
CVE-2019-9692 EXPLOITDB MEDIUM ruby WORKING POC
CMS Made Simple < 2.2.10 - Unrestricted File Upload via Watermark Image Extension Bypass
class.showtime2_image.php in CMS Made Simple (CMSMS) before 2.2.10 does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG).
CVSS 6.5
CVE-2015-7309 EXPLOITDB ruby WORKING POC
Bolt < 2.2.5 - Authenticated Remote Code Execution via Theme Editor File Rename
The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it.
EIP-2026-104717 EXPLOITDB ruby WORKING POC
BuilderEngine 3.5.0 - Arbitrary File Upload and Execution (Metasploit)
CVE-2018-9206 EXPLOITDB CRITICAL ruby WORKING POC
Blueimp jQuery-File-Upload <=9.22.0 - File Upload
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
CVSS 9.8
CVE-2019-16113 EXPLOITDB HIGH ruby WORKING POC
Bludit 3.9.2 - Remote Code Execution via Image Upload Path Traversal
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
CVSS 8.8
CVE-2016-2555 EXPLOITDB CRITICAL ruby WORKING POC
ATutor 2.2.1 - SQL Injection via searchFriends Function
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.
CVSS 9.8
EIP-2026-104713 EXPLOITDB ruby WORKING POC
ATutor 2.2.1 - Directory Traversal / Remote Code Execution (Metasploit)
EIP-2026-104711 EXPLOITDB ruby WORKING POC
Alienvault Open Source SIEM (OSSIM) - SQL Injection / Remote Code Execution (Metasploit)
CVE-2012-0261 EXPLOITDB ruby WORKING POC
op5 Monitor/Appliance <1.6.2/<5.5.3 - Command Injection
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.
CVE-2015-1130 EXPLOITDB HIGH ruby WORKING POC
Apple OS X Rootpipe Privilege Escalation
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
CVSS 7.8
CVE-2019-19726 EXPLOITDB HIGH ruby WORKING POC
OpenBSD Dynamic Loader chpass Privilege Escalation
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.
CVSS 7.8
CVE-2009-4655 EXPLOITDB ruby WORKING POC
Novell eDirectory 8.8.5 - Info Disclosure
The dhost web service in Novell eDirectory 8.8.5 uses a predictable session cookie, which makes it easier for remote attackers to hijack sessions via a modified cookie.
CVE-2005-2852 EXPLOITDB ruby WORKING POC
Novell Netware 6.5 SP2/SP3, 5.1, 6.0 - Denial of Service via Incorrect CIFS Password Length
Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm.
EIP-2026-104522 EXPLOITDB ruby WORKING POC
NetWare 6.5 - SunRPC Portmapper CALLIT Stack Buffer Overflow (Metasploit)
CVE-2016-6253 EXPLOITDB HIGH ruby WORKING POC
NetBSD <7.0 - Local Privilege Escalation
mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.
CVSS 7.8