Metasploit

1,875 exploits Active since Aug 1990
CVE-2018-15442 EXPLOITDB HIGH ruby WORKING POC
Cisco Webex Meetings <33.6.4 & Productivity Tools 32.6.0-33.0.6 OS Command Injection
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument. An exploit could allow the attacker to run arbitrary commands with SYSTEM user privileges. While the CVSS Attack Vector metric denotes the requirement for an attacker to have local access, administrators should be aware that in Active Directory deployments, the vulnerability could be exploited remotely by leveraging the operating system remote management tools.
CVSS 7.8
EIP-2026-119263 EXPLOITDB ruby WORKING POC
VX Search Enterprise 9.5.12 - GET Buffer Overflow (Metasploit)
CVE-2013-3520 EXPLOITDB ruby WORKING POC
VMware vCenter Chargeback Manager < 2.5.1 - Remote Code Execution via Unsafe Upload Handling
VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-1999-0256 EXPLOITDB ruby WORKING POC
Jgaa Warftpd < 1.66 - Buffer Overflow
Buffer overflow in War FTP allows remote execution of commands.
CVE-2002-2268 EXPLOITDB ruby WORKING POC
Webster HTTP Server - Remote Code Execution via Long URL
Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.
EIP-2026-119266 EXPLOITDB ruby WORKING POC
WebDAV - Application DLL Hijacker (Metasploit)
CVE-2010-0356 EXPLOITDB ruby WORKING POC
Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow via DrawText strFontName Parameter
Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method.
CVE-2010-5194 EXPLOITDB ruby WORKING POC
Viscom Image Viewer <8.0 - Buffer Overflow
Stack-based buffer overflow in the Image2PDF function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0, Gold 5.5, Gold 6.0, and earlier allows remote attackers to execute arbitrary code via a long strPDFFile parameter.
CVE-2007-0348 EXPLOITDB ruby WORKING POC
InterActual Player 2.60.12.0717 - Stack-based Buffer Overflow via ApplicationType Property
Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property.
CVE-2015-4107 EXPLOITDB ruby WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was intended functionality. Notes: none
CVE-2012-3569 EXPLOITDB ruby WORKING POC
VMware OVF Tool 2.1 - Remote Code Execution via Crafted OVF File
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.
CVE-2011-1574 EXPLOITDB ruby WORKING POC
libmodplug <0.8.8.2 - Buffer Overflow
Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file.
CVE-2010-3275 EXPLOITDB ruby WORKING POC
VideoLAN VLC Media Player <1.1.8 - RCE
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
CVE-2012-1775 EXPLOITDB ruby WORKING POC
VLC media player < 2.0.1 - Remote Code Execution via Crafted MMS Stream
Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream.
CVE-2012-3569 EXPLOITDB ruby WORKING POC
VMware OVF Tool 2.1 - Remote Code Execution via Crafted OVF File
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.
CVE-2008-0065 EXPLOITDB ruby WORKING POC
Nullsoft Winamp 5.21-5.51 - Remote Code Execution via Ultravox Streaming Metadata
Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles.
CVE-2011-1591 EXPLOITDB ruby WORKING POC
Wireshark 1.4.x < 1.4.5 - Stack-Based Buffer Overflow in DECT Dissector
Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
CVE-2008-5159 EXPLOITDB ruby WORKING POC
Client Software WinCom LPD Total < 3.0.2.623 - Denial of Service via Large String Length Argument
Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.
CVE-2009-2011 EXPLOITDB ruby WORKING POC
Worldweaver DX Studio Player <3.0.29.1 - RCE
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.
CVE-2015-4523 EXPLOITDB CRITICAL ruby WORKING POC
Blue Coat Malware Analysis Appliance <4.2.5 & Malware Analyzer G2 <3.5 - RCE via VM Protection Bypass
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis.
CVSS 9.3
CVE-2013-0109 EXPLOITDB ruby WORKING POC
NVIDIA Display Driver <307.78 & R310<311.00 - Privilege Escalation/DoS via Exception Handling
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service (memory overwrite) via a crafted application.
CVE-2016-0040 EXPLOITDB HIGH ruby WORKING POC
Microsoft Windows - Privilege Escalation
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
CVSS 7.8
CVE-2017-9769 EXPLOITDB CRITICAL ruby WORKING POC
Razer Synapse <2.20.15.1104 - Privilege Escalation
A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.
CVSS 9.8
CVE-2006-5216 EXPLOITDB ruby WORKING POC
Sergey Lyubka Simple HTTPD <1.34 - RCE
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
CVE-2004-1373 EXPLOITDB ruby WORKING POC
SHOUTcast 1.9.4 - Remote Code Execution via Format String in Content URL
Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file.