modpr0be

44 exploits Active since Feb 2009
CVE-2012-2995 EXPLOITDB WORKING POC
Trend Micro InterScan Messaging Security Suite 7.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wrsApprovedURL parameter to addRuleAttrWrsApproveUrl.imss or (2) the src parameter to initUpdSchPage.imss.
CVE-2011-10010 EXPLOITDB CRITICAL ruby WORKING POC
QuickShare File Server 1.2.1 - Path Traversal
QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement.
CVE-2011-10010 EXPLOITDB CRITICAL python WORKING POC
QuickShare File Server 1.2.1 - Path Traversal
QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement.
CVE-2012-6664 METASPLOIT CRITICAL ruby WORKING POC
Distinct Intranet Servers <3.10 - Path Traversal
Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands.
CVSS 9.1
CVE-2017-17932 METASPLOIT CRITICAL ruby WORKING POC
ALLPlayer ALLMediaServer <= 0.95 - Remote Code Execution via TCP Port 888 Buffer Overflow
A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888.
CVSS 9.8
CVE-2024-23985 METASPLOIT HIGH ruby WORKING POC
EzServer 6.4.017 - Denial of Service via RNTO Command
EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command.
CVSS 7.5
CVE-2017-14627 METASPLOIT HIGH ruby WORKING POC
CyberLink LabelPrint 2.5 - Stack-based Buffer Overflow via LPP Project File Parameters
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.
CVSS 7.8
CVE-2017-8869 METASPLOIT HIGH ruby WORKING POC
MediaCoder 0.8.48.5888 - Remote Code Execution via Crafted .m3u File
Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to execute arbitrary code via a crafted .m3u file.
CVSS 7.8
CVE-2011-10010 METASPLOIT CRITICAL ruby WORKING POC
QuickShare File Server 1.2.1 - Path Traversal
QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the "Writable" option is enabled (default during account creation), this allows attackers to upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement.
CVE-2011-3976 METASPLOIT ruby WORKING POC
AmmSoft ScriptFTP 3.3 - Buffer Overflow
Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script.
CVE-2011-5171 METASPLOIT ruby WORKING POC
CyberLink Power2Go 7 build 196 and 8 build 1031 - Remote Code Execution via Crafted Project File Parameters
Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 196) and 8 (build 1031) allow remote attackers to execute arbitrary code via the (1) src and (2) name parameters in a p2g project file.
CVE-2011-4496 METASPLOIT ruby WORKING POC
Aviosoft DTV Player 1.0.1.2 - Buffer Overflow via Crafted PLF Playlist File
Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers to execute arbitrary code via a crafted .plf (aka playlist) file.
CVE-2018-17408 METASPLOIT HIGH ruby WORKING POC
Zahir Accounting Enterprise Plus <6 - RCE
Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu.
CVSS 7.8
EIP-2026-119376 EXPLOITDB text WORKING POC
Hexamail Server 4.4.5 - Persistent Cross-Site Scripting
CVE-2018-17408 EXPLOITDB HIGH python WORKING POC
Zahir Accounting Enterprise Plus <6 - RCE
Stack-based buffer overflows in Zahir Accounting Enterprise Plus 6 through build 10b allow remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu.
CVSS 7.8
CVE-2012-2998 EXPLOITDB python WORKING POC
Trend Micro Control Manager <5.5.0.1823, <6.0.0.1449 - SQL Injection
SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-6664 EXPLOITDB CRITICAL ruby WORKING POC
Distinct Intranet Servers <3.10 - Path Traversal
Multiple directory traversal vulnerabilities in the TFTP Server in Distinct Intranet Servers 3.10 and earlier allow remote attackers to read or write arbitrary files via a .. (dot dot) in the (1) get or (2) put commands.
CVSS 9.1
CVE-2011-3976 EXPLOITDB ruby WORKING POC
AmmSoft ScriptFTP 3.3 - Buffer Overflow
Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script.
CVE-2011-3976 EXPLOITDB python WORKING POC
AmmSoft ScriptFTP 3.3 - Buffer Overflow
Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script.
CVE-2011-3976 EXPLOITDB ruby WORKING POC
AmmSoft ScriptFTP 3.3 - Buffer Overflow
Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP servers to execute arbitrary code via a long filename in a response to a LIST command, as demonstrated using (1) GETLIST or (2) GETFILE in a ScriptFTP script.
EIP-2026-118530 EXPLOITDB ruby WORKING POC
EZHomeTech EzServer 6.4.017 - Remote Stack Buffer Overflow (Metasploit)
EIP-2026-118430 EXPLOITDB ruby WORKING POC
Distinct TFTP 3.01 - Writable Directory Traversal Execution (Metasploit)
EIP-2026-118431 EXPLOITDB text WORKING POC
Distinct TFTP Server 3.01 - Directory Traversal
EIP-2026-118529 EXPLOITDB python WORKING POC
EZHomeTech Ezserver 6.4 - Remote Stack Overflow
EIP-2026-118594 EXPLOITDB python WORKING POC
FTPGetter 3.58.0.21 - 'PASV' Remote Buffer Overflow