Metasploit

1,875 exploits Active since Aug 1990
CVE-2016-6277 EXPLOITDB HIGH ruby WORKING POC
NETGEAR D6220/D6400/R6250/R6400/R6700/R6900/R7000/R7100LG/R7300DST/R7900/R8000 Firmware - Remote Code Execution
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
CVSS 8.8
CVE-2007-3010 EXPLOITDB CRITICAL ruby WORKING POC
Alcatel OmniPCX Enterprise < 7.1 - Remote Command Execution via Unified Maintenance Tool
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
CVSS 9.8
CVE-2005-0116 EXPLOITDB ruby WORKING POC
awstats < 6.3 - Remote Code Execution via configdir Parameter
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.
CVE-2006-2237 EXPLOITDB ruby WORKING POC
AWStats 6.4-6.5 - Remote Code Execution via Migrate Parameter
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
EIP-2026-100692 EXPLOITDB ruby WORKING POC
Morris Worm - fingerd Stack Buffer Overflow (Metasploit)
CVE-2015-5453 EXPLOITDB ruby WORKING POC
Watchguard XCS <10.0 - Command Injection
Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl.
CVE-2003-0201 EXPLOITDB ruby WORKING POC
Samba < 2.2.8a and 2.0.10 - Remote Code Execution via call_trans2open Buffer Overflow
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
CVE-2009-2265 EXPLOITDB ruby WORKING POC
FCKeditor <2.6.4.1 - Path Traversal
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
EIP-2026-100688 EXPLOITDB ruby WORKING POC
Watchguard XCS - FixCorruptMail Privilege Escalation (Metasploit)
CVE-2014-7140 EXPLOITDB ruby WORKING POC
Citrix NetScaler <10.1-129.11, <10.5-50.10 - RCE
Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2011-4862 EXPLOITDB ruby WORKING POC
GNU inetutils < 1.9 - Remote Code Execution via Long Encryption Key
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
EIP-2026-100691 EXPLOITDB ruby WORKING POC
Morris Worm - fingerd Stack Buffer Overflow (Metasploit)
CVE-2014-0514 EXPLOITDB ruby WORKING POC
Adobe Reader Mobile < 11.2 - Remote Code Execution via JavaScript in PDF
The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636.
EIP-2026-100051 EXPLOITDB ruby WORKING POC
Allwinner 3.4 Legacy Kernel - Local Privilege Escalation (Metasploit)
CVE-2009-2727 EXPLOITDB ruby WORKING POC
IBM AIX 5.2.0, 5.3.0, 5.3.7-5.3.10, 6.1.0-6.1.3 - Stack-Based Buffer Overflow in _tt_internal_realpath
Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.
CVE-2009-3699 EXPLOITDB ruby WORKING POC
IBM VIOS < 2.1.0 and AIX 5.x-6.1.3 - Remote Code Execution via Long XDR String in rpc.cmsd
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
CVE-2008-5405 EXPLOITDB ruby WORKING POC
Cain & Abel <4.9.24 - Buffer Overflow
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string.
EIP-2026-100066 EXPLOITDB ruby WORKING POC
Google Android ADB Debug Server - Remote Payload Execution (Metasploit)
CVE-2009-4265 EXPLOITDB ruby WORKING POC
Ideal Administration 2009 <9.7.1 - Buffer Overflow
Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and possibly other versions, allows remote attackers to execute arbitrary code via a long Computer value in an .ipj project file.
CVE-2015-3864 EXPLOITDB ruby WORKING POC
Android < 5.1.1 - Remote Code Execution via Crafted MPEG-4 Data
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.
CVE-2012-6636 EXPLOITDB ruby WORKING POC
Android API < 16.0 - Remote Code Execution via WebView.addJavascriptInterface
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection API within crafted JavaScript code that is loaded into the WebView component in an application targeted to API level 16 or earlier, a related issue to CVE-2013-4710.
CVE-2013-6282 EXPLOITDB HIGH ruby WORKING POC
Android get_user/put_user Exploit
The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.
CVSS 8.8
CVE-2017-13156 EXPLOITDB HIGH ruby WORKING POC
Android Janus APK Signature bypass
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
CVSS 7.8
CVE-2019-2215 EXPLOITDB HIGH ruby WORKING POC
Android Binder Use-After-Free Exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
CVSS 7.8
EIP-2026-100069 EXPLOITDB ruby WORKING POC
Samsung Galaxy KNOX Android Browser - Remote Code Execution (Metasploit)