Metasploit

1,875 exploits, active since Aug 1990
EIP-2026-103141 EXPLOITDB ruby WORKING POC
HP System Management - Anonymous Access Code Execution (Metasploit)
CVE-2005-2773 EXPLOITDB CRITICAL ruby WORKING POC
HP OpenView Network Node Manager <7.50 - RCE
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
CVSS 9.8
CVE-2014-2624 EXPLOITDB ruby WORKING POC
HP Network Node Manager i <9.2x - RCE
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264.
CVE-2012-0209 EXPLOITDB ruby WORKING POC
Horde Groupware - Code Injection
Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.
CVE-2014-4880 EXPLOITDB ruby WORKING POC
Hikvision DVR <2.2.10 - RCE
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorization header.
EIP-2026-103138 EXPLOITDB ruby WORKING POC
HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit)
EIP-2026-103137 EXPLOITDB ruby WORKING POC
HID discoveryd - 'command_blink_on' Remote Code Execution (Metasploit)
EIP-2026-103136 EXPLOITDB ruby WORKING POC
HashiCorp Consul - Remote Command Execution via Services API (Metasploit)
EIP-2026-103135 EXPLOITDB ruby WORKING POC
HashiCorp Consul - Remote Command Execution via Services API (Metasploit)
EIP-2026-103134 EXPLOITDB ruby WORKING POC
HashiCorp Consul - Remote Command Execution via Rexec (Metasploit)
EIP-2026-103133 EXPLOITDB ruby WORKING POC
HashiCorp Consul - Remote Command Execution via Rexec (Metasploit)
CVE-2015-4624 EXPLOITDB HIGH ruby WORKING POC
Hak5 WiFi Pineapple Firmware - Improper Access Control
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
CVSS 7.5
EIP-2026-103127 EXPLOITDB ruby WORKING POC
Hadoop YARN ResourceManager - Command Execution (Metasploit)
EIP-2026-103126 EXPLOITDB ruby WORKING POC
Hadoop YARN ResourceManager - Command Execution (Metasploit)
CVE-2013-3502 EXPLOITDB ruby WORKING POC
Gwos Groundwork Monitor - Credentials Management
monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by leveraging a JOSSO SSO cookie.
EIP-2026-103115 EXPLOITDB ruby WORKING POC
Gitorious - Arbitrary Command Execution (Metasploit)
CVE-2013-4490 EXPLOITDB ruby WORKING POC
GitLab <5.4.1, <6.2.3 - Command Injection
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
EIP-2026-103114 EXPLOITDB ruby WORKING POC
GitHub Enterprise - Default Session Secret and Deserialization (Metasploit)
EIP-2026-103113 EXPLOITDB ruby WORKING POC
GitHub Enterprise - Default Session Secret and Deserialization (Metasploit)
CVE-2013-2121 EXPLOITDB ruby WORKING POC
Red Hat OpenStack < 1.2.0 - Code Injection
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
CVE-2010-4345 EXPLOITDB HIGH ruby WORKING POC
Exim4 string_format Function Heap Buffer Overflow
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
CVSS 7.8
CVE-2016-1561 EXPLOITDB HIGH ruby WORKING POC
ExaGrid <4.8 P26 - Privilege Escalation
ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.
CVSS 7.5
CVE-2015-5082 EXPLOITDB ruby WORKING POC
Endian Firewall < 2.5.1 - Command Injection
Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi.
CVE-2018-1111 EXPLOITDB HIGH ruby WORKING POC
DHCP Client Command Injection (DynoRoot)
DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier are vulnerable to a command injection flaw in the NetworkManager integration script included in the DHCP client. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol.
CVSS 7.5
CVE-2006-2502 EXPLOITDB ruby WORKING POC
Cyrus Imapd - Buffer Overflow
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.