juan vazquez

645 exploits Active since Sep 2005
CVE-2012-3569 METASPLOIT ruby WORKING POC
VMware OVF Tool 2.1 - Remote Code Execution via Crafted OVF File
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.
CVE-2008-1602 METASPLOIT ruby WORKING POC
Orbit Downloader <2.6.4 - Buffer Overflow
Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long download URL, which is not properly handled during Unicode conversion for a balloon notification after a download has failed.
CVE-2013-3248 METASPLOIT ruby WORKING POC
Corel PDF Fusion <1.11 - Privilege Escalation
Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file.
CVE-2013-3482 METASPLOIT ruby WORKING POC
ERDAS ER Viewer < 13.0.1.1301 - Stack-Based Buffer Overflow via Long String in ERS File
Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an ERS file.
CVE-2013-4988 METASPLOIT ruby WORKING POC
IcoFX < 2.5 - Remote Code Execution via Long idCount in ICONDIR Structure
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
CVE-2012-0158 METASPLOIT HIGH ruby WORKING POC
Microsoft Office and Components - Remote Code Execution via Crafted File
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability."
CVSS 8.8
CVE-2014-4114 METASPLOIT HIGH ruby WORKING POC
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
CVSS 7.8
CVE-2013-3346 METASPLOIT CRITICAL ruby WORKING POC
Adobe Acrobat and Reader 9.x < 9.5.5, 10.x < 10.1.7, 11.x < 11.0.03 - Remote Code Execution via Memory Corruption
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
CVSS 9.8
CVE-2012-10051 METASPLOIT HIGH ruby WORKING POC
Photodex ProShow Producer <5.0.3256 - Buffer Overflow
Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in the installation directory, the application fails to properly validate its contents, leading to a buffer overflow when the file is parsed during startup. Exploitation requires local access to place the file and user interaction to launch the application.
CVE-2012-0897 METASPLOIT ruby WORKING POC
IrfanView < 4.33 - Remote Code Execution via JPEG2000 QCD Marker Segment
Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
CVE-2014-4114 METASPLOIT HIGH ruby WORKING POC
MS14-060 Microsoft Windows OLE Package Manager Code Execution
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object in an Office document, as exploited in the wild with a "Sandworm" attack in June through October 2014, aka "Windows OLE Remote Code Execution Vulnerability."
CVSS 7.8
CVE-2010-3600 METASPLOIT ruby WORKING POC
Oracle Database Server <11.2.0.1 - Info Disclosure
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code.
CVE-2011-3175 METASPLOIT ruby WORKING POC
Novell ZENworks Configuration Management 11.1 and 11.1a - Remote Code Execution via Preboot Service Opcode 0x6c
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.
CVE-2012-4959 METASPLOIT ruby WORKING POC
Novell File Reporter <1.0.2 - Path Traversal
Directory traversal vulnerability in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to upload and execute files via a 130 /FSF/CMD request with a .. (dot dot) in a FILE element of an FSFUI record.
CVE-2011-3176 METASPLOIT ruby WORKING POC
Novell ZENworks Configuration Management 11.1 and 11.1a - Stack-Based Buffer Overflow via Opcode 0x4c Request
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
CVE-2012-5932 METASPLOIT ruby WORKING POC
NetIQ Privileged User Manager < 2.3.1 HF2 - Remote Code Execution via ldapagnt_eval Function
Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request.
CVE-2012-2215 METASPLOIT ruby WORKING POC
Novell ZENworks Configuration Management 11.1-11.1a - Unauthenticated Path Traversal via Preboot Service Opcode 0x21
Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request.
CVE-2012-10030 METASPLOIT CRITICAL ruby WORKING POC
FreeFloat FTP Server - Unauthenticated RCE
FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, and imposes no restrictions on file type or destination path. These conditions enable attackers to upload executable payloads and .mof files to locations such as system32 and wbem\mof, where Windows Management Instrumentation (WMI) automatically processes and executes them. This results in remote code execution with SYSTEM-level privileges, without requiring user interaction.
CVSS 9.8
CVE-2014-0784 METASPLOIT ruby WORKING POC
Yokogawa CENTUM CS 3000 < R3.09.50 - Remote Code Execution via Crafted TCP Packet
Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.
CVE-2014-0783 METASPLOIT ruby WORKING POC
Yokogawa CENTUM CS 3000 < R3.09.50 - Remote Code Execution via Crafted TCP Packet
Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.
CVE-2014-0782 METASPLOIT ruby WORKING POC
Yokogawa CENTUM CS 1000/3000, VP, Exaopc, B/M9000CS/VP - Remote Code Execution
Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM VP Entry Class R5.03.00 and earlier, Exaopc R3.71.02 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier allows remote attackers to execute arbitrary code via a crafted packet.
CVE-2019-5620 METASPLOIT CRITICAL ruby WORKING POC
MicroSCADA Pro SYS600 9.3 - Missing Authentication for Critical Function
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.
CVSS 9.8
CVE-2014-3888 METASPLOIT ruby WORKING POC
Yokogawa CENTUM CS 1000-VP - Buffer Overflow
Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS 1000, CENTUM CS 3000 R3.09.50 and earlier, CENTUM VP R5.03.20 and earlier, Exaopc R3.72.00 and earlier, B/M9000CS R5.05.01 and earlier, and B/M9000 VP R7.03.01 and earlier, when FCS/Test Function is enabled, allows remote attackers to execute arbitrary code via a crafted packet.
CVE-2014-0750 METASPLOIT ruby WORKING POC
GE Proficy HMI/SCADA - CIMPLICITY < 8.2 - Remote Code Execution via Directory Traversal in WebView CimWeb
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.
CVE-2011-4051 METASPLOIT ruby WORKING POC
InduSoft Web Studio 6.1 and 7.0 - Unauthenticated Remote Code Execution via CEServer Remote Agent
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.