hdm

397 exploits Active since Jan 1997
CVE-2007-2175 EXPLOITDB ruby WORKING POC
Apple QuickTime Java extensions - RCE
Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.
CVE-2004-2687 EXPLOITDB ruby WORKING POC
distcc 2.x - Remote Code Execution
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.
CVE-2007-2175 EXPLOITDB ruby WORKING POC
Apple QuickTime Java extensions - RCE
Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.
EIP-2026-103612 EXPLOITDB text WORKING POC
Opera Web Browser 9 - CSS Background URI Memory Corruption
CVE-2007-6165 EXPLOITDB ruby WORKING POC
Mail in Apple Mac OS X Leopard (10.5.1) - RCE
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395.
CVE-2016-3714 EXPLOITDB HIGH ruby WORKING POC
ImageMagick <6.9.3-10 & <7.0.1-1 - RCE
The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick."
CVSS 8.4
CVE-2003-0201 EXPLOITDB ruby WORKING POC
Samba < 2.2.8a and 2.0.10 - Remote Code Execution via call_trans2open Buffer Overflow
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
CVE-2003-0085 EXPLOITDB ruby WORKING POC
Samba < 2.2.8 - Remote Code Execution via SMB/CIFS Packet Fragment Reassembly
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
EIP-2026-103167 EXPLOITDB ruby WORKING POC
Mitel Audio and Web Conferencing - Command Injection (Metasploit)
CVE-2013-0230 EXPLOITDB ruby WORKING POC
miniupnpd 1.0 - Remote Code Execution via Long Quoted Method in SOAPAction Handler
Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method.
CVE-2011-4862 EXPLOITDB ruby WORKING POC
GNU inetutils < 1.9 - Remote Code Execution via Long Encryption Key
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
CVE-2005-2773 EXPLOITDB CRITICAL ruby WORKING POC
HP OpenView Network Node Manager <7.50 - RCE
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
CVSS 9.8
CVE-2010-4345 EXPLOITDB HIGH ruby WORKING POC
Exim4 string_format Function Heap Buffer Overflow
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
CVSS 7.8
CVE-2009-2765 EXPLOITDB ruby WORKING POC
DD-WRT < 24 - Remote Code Execution via CGI-BIN URI Shell Metacharacters
httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other versions before build 12533, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to a cgi-bin/ URI.
CVE-2015-0936 EXPLOITDB CRITICAL ruby WORKING POC
Ceragon FibeAir IP-10 - Privilege Escalation
Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key.
CVSS 9.8
CVE-2010-2075 EXPLOITDB ruby WORKING POC
UnrealIRCd 3.2.8.1 - Remote Code Execution via Trojaned DEBUG3_DOLOG_SYSTEM Macro
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
CVE-2017-7494 EXPLOITDB CRITICAL ruby WORKING POC
Samba is_known_pipename() Arbitrary Module Load
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
CVSS 9.8
CVE-2010-0926 EXPLOITDB ruby WORKING POC
Samba <3.3.11, <3.4.6, <3.5.0rc3 - Path Traversal
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
CVE-2007-2446 EXPLOITDB ruby WORKING POC
Samba 3.0.0-3.0.25rc3 - Buffer Overflow
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
CVE-2007-2446 EXPLOITDB ruby WORKING POC
Samba 3.0.0-3.0.25rc3 - Buffer Overflow
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
CVE-2003-0085 EXPLOITDB ruby WORKING POC
Samba < 2.2.8 - Remote Code Execution via SMB/CIFS Packet Fragment Reassembly
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
CVE-2017-8291 EXPLOITDB HIGH ruby WORKING POC
Ghostscript Type Confusion Arbitrary Command Execution
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
CVSS 7.8
CVE-2006-3672 EXPLOITDB text STUB
KDE Konqueror < 3.5.1 - Denial of Service via replaceChild DOM Method
KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument.
CVE-2002-1473 EXPLOITDB ruby WORKING POC
HP-UX 10.20-11.11 - Buffer Overflow in lp Subsystem
Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.
CVE-2001-0800 EXPLOITDB ruby WORKING POC
IRIX < 6.5.13f - Remote Code Execution via lpsched Shell Metacharacters
lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.