hdm

397 exploits Active since Jan 1997
CVE-2006-3511 EXPLOITDB text WORKING POC
Internet Explorer 6 on Windows XP SP2 - DoS
Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the fonts property of the HtmlDlgSafeHelper object, which triggers a null dereference.
CVE-2003-0714 EXPLOITDB perl WORKING POC
Exchange Server 5.5 and 2000 - Denial of Service via SMTP Extended Verb Request
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.
EIP-2026-114692 EXPLOITDB ruby WORKING POC
Ruby on Rails - Development Web Console (v2) Code Execution (Metasploit)
CVE-2009-2288 EXPLOITDB ruby WORKING POC
Nagios < 3.1.1 - OS Command Injection via statuswml.cgi Ping or Traceroute Parameters
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters.
CVE-2011-2523 EXPLOITDB CRITICAL ruby WORKING POC
vsftpd 2.3.4 - Backdoor Command Execution
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
CVSS 9.8
CVE-2012-5965 EXPLOITDB ruby WORKING POC
portable SDK for UPnP Devices 1.3.1 - Stack-based Buffer Overflow in SSDP DeviceType Field
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code via a long DeviceType (aka urn device) field in a UDP packet.
CVE-2017-15944 EXPLOITDB CRITICAL ruby WORKING POC
Palo Alto Network PAN-OS - Remote Code Execution
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
CVSS 9.8
CVE-2006-0848 EXPLOITDB ruby WORKING POC
macOS X - Remote Code Execution via Safari Safe Files Download Feature
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
EIP-2026-114778 EXPLOITDB ruby WORKING POC
Accellion File Transfer Appliance MPIPE2 - Command Execution (Metasploit)
CVE-2001-0803 EXPLOITDB ruby WORKING POC
CDE Common Desktop Environment - Remote Code Execution via Buffer Overflow in dtspcd Client Connection Routine
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.
CVE-2003-0201 EXPLOITDB ruby WORKING POC
Samba < 2.2.8a and 2.0.10 - Remote Code Execution via call_trans2open Buffer Overflow
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
CVE-2001-1583 EXPLOITDB ruby WORKING POC
Solaris 8 - Remote Code Execution
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.
CVE-2001-1583 EXPLOITDB ruby WORKING POC
Solaris 8 - Remote Code Execution
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.
CVE-2001-0803 EXPLOITDB ruby WORKING POC
CDE Common Desktop Environment - Remote Code Execution via Buffer Overflow in dtspcd Client Connection Routine
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.
CVE-2007-2446 EXPLOITDB ruby WORKING POC
Samba 3.0.0-3.0.25rc3 - Buffer Overflow
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
CVE-2005-1921 EXPLOITDB ruby WORKING POC
PEAR XML_RPC < 1.3.0 and PHPXMLRPC < 1.1 - Remote Code Execution via Unsanitized XML Input
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVE-2005-2612 EXPLOITDB ruby WORKING POC
WordPress <1.5.1.3 - Code Injection
Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.
CVE-2005-2086 EXPLOITDB ruby WORKING POC
phpBB <= 2.0.15 - Remote File Inclusion in viewtopic.php
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.
CVE-2012-5159 EXPLOITDB ruby WORKING POC
phpMyAdmin 3.5.2.2 - Remote Code Execution via Trojaned server_sync.php
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.
CVE-2006-1551 EXPLOITDB ruby WORKING POC
PAJAX 0.5.1 - Remote Code Execution via pajax_call_dispatcher.php Method and Args Parameters
Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters.
CVE-2006-0395 EXPLOITDB ruby WORKING POC
Mac OS X 10.4 - Unsafe Attachment Handling in Mail Download Validation
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
CVE-2013-2010 EXPLOITDB CRITICAL ruby WORKING POC
W3 Total Cache < 0.9.2.8 - Remote PHP Code Execution
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
CVSS 9.8
CVE-2007-1286 EXPLOITDB ruby WORKING POC
PHP < 4.4.4 - Remote Code Execution via Long String to unserialize Function
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.
CVE-2012-2336 EXPLOITDB ruby WORKING POC
PHP < 5.3.13 and 5.4.x < 5.4.3 - Denial of Service via Malformed CGI Query String
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
CVE-2003-0201 EXPLOITDB ruby WORKING POC
Samba < 2.2.8a and 2.0.10 - Remote Code Execution via call_trans2open Buffer Overflow
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.