Metasploit

1,875 exploits, active since Aug 1990
CVE-2014-3120 EXPLOITDB HIGH ruby WORKING POC
Elasticsearch < 1.2 - Improper Access Control
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
CVSS 8.1
CVE-2015-1427 EXPLOITDB CRITICAL ruby WORKING POC
Elasticsearch <1.3.8, <1.4.3 - Command Injection
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
CVSS 9.8
CVE-2013-5486 EXPLOITDB ruby WORKING POC
DCNM-SAN Server <6.2(1) - Path Traversal
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
CVE-2019-1622 EXPLOITDB MEDIUM ruby WORKING POC
Cisco Data Center Network Manager Unauthenticated Remote Code Execution
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. The vulnerability is due to improper access controls for certain URLs on affected DCNM software. An attacker could exploit this vulnerability by connecting to the web-based management interface of an affected device and requesting specific URLs. A successful exploit could allow the attacker to download log files and diagnostic information from the affected device.
CVSS 5.3
EIP-2026-102339 EXPLOITDB ruby WORKING POC
Atlassian Jira - (Authenticated) Upload Code Execution (Metasploit)
EIP-2026-102338 EXPLOITDB ruby WORKING POC
Atlassian Jira - (Authenticated) Upload Code Execution (Metasploit)
CVE-2012-0394 EXPLOITDB ruby WORKING POC
Apache Struts <2.3.1.1 - RCE
The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
EIP-2026-102337 EXPLOITDB ruby WORKING POC
Apache Spark - (Unauthenticated) Command Execution (Metasploit)
EIP-2026-102336 EXPLOITDB ruby WORKING POC
Apache Spark - (Unauthenticated) Command Execution (Metasploit)
CVE-2013-4212 EXPLOITDB ruby WORKING POC
Apache Roller < 5.0.1 - Code Injection
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."
CVE-2016-0710 EXPLOITDB HIGH ruby WORKING POC
Apache Jetspeed Arbitrary File Upload
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
CVSS 8.8
CVE-2016-3088 EXPLOITDB CRITICAL ruby WORKING POC
ActiveMQ web shell upload
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
CVSS 9.8
CVE-2016-4657 EXPLOITDB HIGH ruby WORKING POC
Apple iPhone OS < 9.3.5 - Out-of-Bounds Write
WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVSS 8.8
CVE-2010-0188 EXPLOITDB HIGH ruby WORKING POC
Adobe Acrobat < 8.2.1 - Denial of Service
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
CVSS 7.8
CVE-2010-0188 EXPLOITDB HIGH ruby WORKING POC
Adobe Acrobat < 8.2.1 - Denial of Service
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
CVSS 7.8
CVE-2002-1473 EXPLOITDB ruby WORKING POC
HP-UX <11.11 - Buffer Overflow
Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.
CVE-2005-3757 EXPLOITDB ruby WORKING POC
Google Mini Search Appliance - RCE
The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.
CVE-2015-2049 EXPLOITDB ruby WORKING POC
D-Link DCS-931L Firmware < 1.04 - Unrestricted File Upload
Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
EIP-2026-101497 EXPLOITDB ruby WORKING POC
Xerox Multifunction Printers (MFP) - 'Patch' DLM (Metasploit)
EIP-2026-101414 EXPLOITDB ruby WORKING POC
QNAP Transcode Server - Command Execution (Metasploit)
CVE-2014-0659 EXPLOITDB ruby WORKING POC
Cisco RVS4000 Firmware < 2.0.3.2 - OS Command Injection
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
CVE-2013-3623 EXPLOITDB ruby WORKING POC
Supermicro Onboard IPMI CGI Vulnerability Scanner
Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1) sess_sid or (2) ACT parameter.
CVE-2017-15889 EXPLOITDB HIGH ruby WORKING POC
Synology Diskstation Manager < 5.2-5967-5 - Command Injection
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via the disk field.
CVSS 8.8
CVE-2017-17411 EXPLOITDB CRITICAL ruby WORKING POC
Linksys WVBR0 - RCE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
CVSS 9.8
CVE-2012-4362 EXPLOITDB ruby WORKING POC
HP SAN/iQ - Credentials Management
hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has a hardcoded password of L0CAlu53R for the global$agent account, which allows remote attackers to obtain access to a management service via a login: request to TCP port 13838.