Metasploit

1,875 exploits Active since Aug 1990
EIP-2026-102466 EXPLOITDB ruby WORKING POC
CA Arcserve D2D GWT RPC - Credential Information Disclosure (Metasploit)
CVE-2015-8249 EXPLOITDB CRITICAL ruby WORKING POC
ManageEngine Desktop Central <9 - RCE
The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.
CVSS 9.8
CVE-2010-1871 EXPLOITDB HIGH ruby WORKING POC
JBoss Enterprise Application Platform 4.3.0 - Remote Code Execution via JBoss Expression Language Injection
JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when the Java Security Manager is not properly configured.
CVSS 8.8
CVE-2014-8516 EXPLOITDB CRITICAL ruby WORKING POC
Visual Mining NetCharts Server - Unrestricted File Upload and Remote Code Execution
Unrestricted file upload vulnerability in Visual Mining NetCharts Server allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors.
CVSS 9.8
CVE-2017-12617 EXPLOITDB HIGH ruby WORKING POC
Apache Tomcat 7.0.0-7.0.81, 8.0.0.RC1-8.0.46, 8.5.0-8.5.22, 9.0.0.M1-9.0.0 - Remote Code Execution via JSP Upload
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
CVSS 8.1
CVE-2015-2995 EXPLOITDB ruby WORKING POC
SysAid < 15.1 - Remote Code Execution via RdsLogsEntry File Upload
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file.
EIP-2026-102349 EXPLOITDB ruby WORKING POC
SolarWinds Storage Manager - Authentication Bypass (Metasploit)
EIP-2026-102347 EXPLOITDB ruby WORKING POC
Oracle Business Transaction Management FlashTunnelService - Remote Code Execution (Metasploit)
EIP-2026-102346 EXPLOITDB ruby WORKING POC
Oracle Application Testing Suite - WebLogic Server Administration Console War Deployment (Metasploit)
CVE-2016-0492 EXPLOITDB ruby WORKING POC
Oracle Application Testing Suite - Info Disclosure
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0488. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function, which allows remote attackers to bypass authentication via directory traversal sequences following a URI entry that does not require authentication, as demonstrated by olt/Login.do/../../olt/UploadFileUpload.do.
CVE-2015-0779 EXPLOITDB ruby WORKING POC
Novell ZENworks Configuration Management < 11.3.2 - Remote Code Execution via UploadServlet uid Parameter
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.
CVE-2011-2653 EXPLOITDB ruby WORKING POC
Novell ZENworks Asset Management 7.5 - Remote Code Execution via rtrlet Directory Traversal
Directory traversal vulnerability in the rtrlet component in Novell ZENworks Asset Management (ZAM) 7.5 allows remote attackers to execute arbitrary code by uploading an executable file.
CVE-2015-7766 EXPLOITDB ruby WORKING POC
ZOHO ManageEngine OpManager <11.6 - Auth Bypass
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."
CVE-2014-5301 EXPLOITDB HIGH ruby WORKING POC
ManageEngine ServiceDesk Plus MSP 5-9.0.9030 Path Traversal
Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4.
CVSS 8.8
EIP-2026-102344 EXPLOITDB ruby WORKING POC
Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit)
EIP-2026-102343 EXPLOITDB ruby WORKING POC
Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit)
CVE-2020-7961 EXPLOITDB CRITICAL WORKING POC
Liferay Portal <7.2.1 CE GA2 - Code Injection
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
CVSS 9.8
CVE-2014-8741 EXPLOITDB CRITICAL ruby WORKING POC
Lexmark MarkVision Enterprise <2.1 - Path Traversal
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.
CVSS 9.8
CVE-2015-8103 EXPLOITDB CRITICAL ruby WORKING POC
Jenkins CLI RMI Java Deserialization Vulnerability
The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'".
CVSS 9.8
CVE-2019-1003002 EXPLOITDB HIGH ruby WORKING POC
Pipeline: Declarative Plugin <1.3.3 - RCE
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
CVSS 8.8
CVE-2013-0422 EXPLOITDB CRITICAL ruby WORKING POC
Oracle JDK 7 - Remote Code Execution via JMX MBean Instantiator and Reflection API
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
CVSS 9.8
CVE-2012-1723 EXPLOITDB CRITICAL ruby WORKING POC
Java Applet Field Bytecode Verifier Cache Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
CVSS 9.8
CVE-2012-5076 EXPLOITDB CRITICAL ruby WORKING POC
Java Applet AverageRangeStatisticImpl Remote Code Execution
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
CVSS 9.8
CVE-2012-4681 EXPLOITDB CRITICAL ruby WORKING POC
Java 7 Applet Remote Code Execution
Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class.
CVSS 9.8
CVE-2013-6221 EXPLOITDB ruby WORKING POC
HP Service Virtualization 3.x < 3.50.1 - Path Traversal and Arbitrary File Write via CommunicationServlet
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.