Metasploit

1,875 exploits Active since Aug 1990
EIP-2026-104114 EXPLOITDB ruby WORKING POC
v0pCr3w (Web Shell) - Remote Code Execution (Metasploit)
CVE-2019-15954 EXPLOITDB CRITICAL ruby WORKING POC
Total.js CMS 12.0.0 - Authenticated RCE
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: <script total>global.process.mainModule.require(child_process).exec(RCE);</script>
CVSS 9.9
CVE-2013-1428 EXPLOITDB ruby WORKING POC
tinc < 1.0.21 and 1.1 < 1.1pre7 - Authenticated Stack-Based Buffer Overflow via Large TCP Packet
Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.
EIP-2026-104102 EXPLOITDB ruby WORKING POC
TeamCity Agent - XML-RPC Command Execution (Metasploit)
EIP-2026-104101 EXPLOITDB ruby WORKING POC
TeamCity Agent - XML-RPC Command Execution (Metasploit)
CVE-2014-1649 EXPLOITDB ruby WORKING POC
Symantec Workspace Streaming <7.5.0.749 - SSRF
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
CVE-2010-3563 EXPLOITDB ruby WORKING POC
Oracle Java SE/Jav for Bus <6 Update 21 - Info Disclosure
Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.
CVE-2010-0361 EXPLOITDB ruby WORKING POC
Sun Java System Web Server 7.0 Update 7 - Stack-Based Buffer Overflow via WebDAV OPTIONS Request
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.
CVE-2009-3867 EXPLOITDB ruby WORKING POC
Sun Java JRE getSoundbank file:// URI Buffer Overflow
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
CVE-2010-4452 EXPLOITDB ruby WORKING POC
Oracle Java SE/Jav for Bus <6 - Info Disclosure
Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2009-3869 EXPLOITDB ruby WORKING POC
Sun Java JRE AWT setDiffICM Buffer Overflow
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
CVE-2008-5353 EXPLOITDB ruby WORKING POC
Sun Java Calendar Deserialization Privilege Escalation
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".
CVE-1999-0502 EXPLOITDB ruby WORKING POC
HP-UX - Unauthenticated Remote Login via Default Null Password
A Unix account has a default, null, blank, or missing password.
EIP-2026-104087 EXPLOITDB ruby WORKING POC
Squiggle 1.7 - SVG Browser Java Code Execution (Metasploit)
CVE-2013-5036 EXPLOITDB ruby WORKING POC
Square Squash - Remote Code Execution via YAML in Namespace or Sourcemap Parameter
The Square Squash allows remote attackers to execute arbitrary code via a YAML document in the (1) namespace parameter to the deobfuscation function or (2) sourcemap parameter to the sourcemap function in app/controllers/api/v1_controller.rb.
EIP-2026-104086 EXPLOITDB ruby WORKING POC
Splunk 5.0 - Custom App Remote Code Execution (Metasploit)
CVE-2013-1359 EXPLOITDB CRITICAL ruby WORKING POC
DELL SonicWALL Analyzer 7.0, GMS 4.1-7.0, UMA 5.1-7.0, ViewPoint 4.1-6.0 - Authentication Bypass
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account.
CVSS 9.8
CVE-2003-0722 EXPLOITDB ruby WORKING POC
Solaris - Unauthenticated Remote Privilege Escalation via sadmind AUTH_SYS Spoofing
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
CVE-2006-5276 EXPLOITDB ruby WORKING POC
Snort < 2.6.1.3 and 2.7 < beta 2 - Remote Code Execution via DCE/RPC Preprocessor
Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic.
CVE-2008-5353 EXPLOITDB ruby WORKING POC
Sun Java Calendar Deserialization Privilege Escalation
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".
EIP-2026-104071 EXPLOITDB ruby WORKING POC
SAP SOAP RFC - SXPG_COMMAND_EXECUTE Remote Command Execution (Metasploit)
EIP-2026-104070 EXPLOITDB ruby WORKING POC
SAP SOAP RFC - SXPG_CALL_SYSTEM Remote Command Execution (Metasploit)
CVE-2015-3224 EXPLOITDB ruby WORKING POC
rubyonrails/web_console < 2.1.2 and rubygems/web-console < 2.1.3 - Improper Access Control via X-Forwarded-For Header
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
CVE-2013-0156 EXPLOITDB ruby WORKING POC
Ruby on Rails JSON Processor YAML Deserialization Code Execution
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
CVE-2013-0156 EXPLOITDB ruby WORKING POC
Ruby on Rails JSON Processor YAML Deserialization Code Execution
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.