aushack

87 exploits Active since May 1999
CVE-2006-2212 METASPLOIT ruby WORKING POC
Karjasoft Sami FTP Server - Buffer Overflow
Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command.
CVE-1999-1011 METASPLOIT ruby WORKING POC
Microsoft Data Access Components - Access Control
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
CVE-2002-1142 METASPLOIT ruby WORKING POC
Microsoft MDAC <2.7 - Buffer Overflow
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
CVE-2005-0308 METASPLOIT ruby WORKING POC
Ursoftware W32dasm - Buffer Overflow
Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name.
CVE-2004-0964 METASPLOIT ruby WORKING POC
Zinf <2.2.1 - RCE
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
CVE-2007-3314 METASPLOIT ruby WORKING POC
Altap Salamander 2.5 PE Viewer Buffer Overflow
Stack-based buffer overflow in peviewer.spl in Altap Servant Salamander 2.5 with Portable Executable Viewer 2.02 (English Trial), and 2.0 with Portable Executable Viewer 1.00 (English Trial), allows remote attackers to execute arbitrary code via a long PDB debug filename in a PE file.
CVE-2005-1099 METASPLOIT ruby WORKING POC
Greylisting daemon <1.4 - Buffer Overflow
Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code.
CVE-2007-3010 METASPLOIT CRITICAL ruby WORKING POC
Al-enterprise Omnipcx Enterprise Comm... - Command Injection
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
CVSS 9.8
CVE-2000-0248 METASPLOIT ruby WORKING POC
Red Hat Linux Piranha - Command Injection
The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.
CVE-2000-0284 METASPLOIT ruby WORKING POC
University OF Washington Imap - Buffer Overflow
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
CVE-2010-1549 EXPLOITDB ruby WORKING POC
HP LoadRunner <9.50 - RCE
Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2018-15133 EXPLOITDB HIGH ruby WORKING POC
Laravel Framework <5.6.30 - RCE
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
CVSS 8.1