Metasploit

1,875 exploits Active since Aug 1990
CVE-2014-8598 EXPLOITDB ruby WORKING POC
MantisBT 1.2.x - Info Disclosure
The XML Import/Export plugin in MantisBT 1.2.x does not restrict access, which allows remote attackers to (1) upload arbitrary XML files via the import page or (2) obtain sensitive information via the export page. NOTE: this issue can be combined with CVE-2014-7146 to execute arbitrary PHP code.
CVE-2016-1209 EXPLOITDB CRITICAL ruby WORKING POC
Ninja Forms <2.9.42.1 - Code Injection
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request.
CVSS 9.8
CVE-2015-2994 EXPLOITDB ruby WORKING POC
SysAid Help Desk <15.2 - RCE
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/.
CVE-2016-1004 EXPLOITDB ruby WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none
CVE-2012-0262 EXPLOITDB ruby WORKING POC
op5config/welcome <2.0.3 - Command Injection
op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.
CVE-2012-4284 EXPLOITDB CRITICAL ruby WORKING POC
Sparklabs Viscosity - Privilege Escalation
A privilege escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code.
CVSS 9.8
CVE-2012-3485 EXPLOITDB ruby WORKING POC
Google Tunnelblick < 3.3beta20 - Improper Input Validation
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.
CVE-2015-3673 EXPLOITDB ruby WORKING POC
Apple OS X Entitlements Rootpipe Privilege Escalation
Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.
CVE-2015-5889 EXPLOITDB ruby WORKING POC
Apple OS X <10.11 - Privilege Escalation
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
CVE-2013-1775 EXPLOITDB ruby WORKING POC
Mac OS X Sudo Password Bypass
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
CVE-2014-4404 EXPLOITDB HIGH ruby WORKING POC
Mac OS X IOKit Keyboard Driver Root Privilege Escalation
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
CVSS 7.8
CVE-2019-11539 EXPLOITDB HIGH ruby WORKING POC
Pulse Secure <9.0R3.4-5.1R15.1 - Authenticated Command Injection
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands.
CVSS 7.2
EIP-2026-104141 EXPLOITDB ruby WORKING POC
Zend Server Java Bridge - Arbitrary Java Code Execution (Metasploit)
EIP-2026-104139 EXPLOITDB ruby WORKING POC
Zemra Botnet (C2 Web Panel) - Remote Code Execution (Metasploit)
EIP-2026-104138 EXPLOITDB ruby WORKING POC
Zemra Botnet (C2 Web Panel) - Remote Code Execution (Metasploit)
CVE-2016-2056 EXPLOITDB HIGH ruby WORKING POC
Xymon <4.3.25 - Command Injection
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.
CVSS 8.8
EIP-2026-104135 EXPLOITDB ruby WORKING POC
Xdh / LinuxNet Perlbot / fBot IRC Bot - Remote Code Execution (Metasploit)
EIP-2026-104134 EXPLOITDB ruby WORKING POC
Xdh / LinuxNet Perlbot / fBot IRC Bot - Remote Code Execution (Metasploit)
CVE-2010-0304 EXPLOITDB ruby WORKING POC
Wireshark - Memory Corruption
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
CVE-2015-7709 EXPLOITDB ruby WORKING POC
Western Digital Arkeia <11.0.12 - Command Injection
The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation.
CVE-2020-2555 EXPLOITDB CRITICAL ruby WORKING POC
Oracle Coherence 3.7.1.0/12.1.3.0.0/12.2.1.3-4 - RCE
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVSS 9.8
EIP-2026-104123 EXPLOITDB ruby WORKING POC
w3tw0rk / Pitbul IRC Bot - Remote Code Execution (Metasploit)
EIP-2026-104121 EXPLOITDB ruby WORKING POC
VNC Keyboard - Remote Code Execution (Metasploit)
CVE-2013-6366 EXPLOITDB ruby WORKING POC
VMware Hyperic HQ - Code Injection
The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote authenticated administrators to execute arbitrary code via a Runtime.getRuntime().exec call.
EIP-2026-104115 EXPLOITDB ruby WORKING POC
v0pCr3w (Web Shell) - Remote Code Execution (Metasploit)