hdm

395 exploits Active since Jan 1997
CVE-2006-1551 METASPLOIT ruby WORKING POC
PAJAX <0.5.1 - Code Injection
Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters.
CVE-2002-1473 METASPLOIT ruby WORKING POC
HP-UX <11.11 - Buffer Overflow
Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.
CVE-2014-4877 METASPLOIT ruby WORKING POC
GNU Wget <1.16 - Path Traversal
Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST response that references the same filename within two entries, one of which indicates that the filename is for a symlink.
CVE-2008-1447 METASPLOIT MEDIUM ruby WORKING POC
BIND 8-9 <9.5.0-P1 - RCE
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
CVSS 6.8
CVE-2011-2523 METASPLOIT CRITICAL ruby WORKING POC
Vsftpd - OS Command Injection
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
CVSS 9.8
CVE-2005-2086 METASPLOIT ruby WORKING POC
phpBB <2.0.15 - RCE
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.
CVE-2005-2612 METASPLOIT ruby WORKING POC
WordPress <1.5.1.3 - Code Injection
Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.
CVE-2012-5159 METASPLOIT ruby WORKING POC
phpMyAdmin <3.5.2.2 - RCE
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.
CVE-2012-1823 METASPLOIT CRITICAL ruby WORKING POC
Php < 5.3.12 - Command Injection
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
CVSS 9.8
CVE-2013-0156 METASPLOIT ruby WORKING POC
Ruby on Rails JSON Processor YAML Deserialization Code Execution
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
CVE-2012-5958 METASPLOIT ruby WORKING POC
Libupnp < 1.6.17 - Memory Corruption
Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary code via a UDP packet with a crafted string that is not properly handled after a certain pointer subtraction.
CVE-2005-1921 METASPLOIT ruby WORKING POC
PHP Xml Rpc < 1.3.0 - Code Injection
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVE-2003-0050 METASPLOIT ruby WORKING POC
Apple Darwin Streaming Administration Server <4.1.2 - RCE
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
CVE-2005-3757 METASPLOIT ruby WORKING POC
Google Mini Search Appliance - RCE
The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.
CVE-2005-2773 METASPLOIT CRITICAL ruby WORKING POC
HP OpenView Network Node Manager <7.50 - RCE
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
CVSS 9.8
CVE-2007-1286 METASPLOIT ruby WORKING POC
PHP <4.4.4 - RCE
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.
CVE-2001-0311 METASPLOIT ruby WORKING POC
HP OmniBackII <A.03.50 - Privilege Escalation
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.
CVE-2017-8291 METASPLOIT HIGH ruby WORKING POC
Ghostscript Type Confusion Arbitrary Command Execution
Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile (%pipe%" substring in a crafted .eps document that is an input to the gs program, as exploited in the wild in April 2017.
CVSS 7.8
CVE-2010-4345 METASPLOIT HIGH ruby WORKING POC
Exim4 string_format Function Heap Buffer Overflow
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
CVSS 7.8
CVE-2015-3224 METASPLOIT ruby WORKING POC
Web Console <2.1.3 - XSS
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
CVE-2005-1009 METASPLOIT ruby WORKING POC
BakBone NetVault <7 - Buffer Overflow
Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) remote attackers to execute arbitrary code via a modified computer name and length that leads to a heap-based buffer overflow, or (2) local users to execute arbitrary code via a long Name entry in the configure.cfg file.
CVE-2006-3677 METASPLOIT ruby WORKING POC
Mozilla Firefox <1.5.0.5 & SeaMonkey <1.0.3 - RCE
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.
CVE-2002-1318 METASPLOIT ruby WORKING POC
Samba <2.2.7 - Buffer Overflow
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.
CVE-2002-0392 METASPLOIT ruby WORKING POC
Apache HTTP Server < 1.3.24 - Denial of Service
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
CVE-2004-2086 METASPLOIT ruby WORKING POC
Sambar Server <6.0 - Buffer Overflow
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.