mr_me

214 exploits Active since Dec 2002
CVE-2012-6554 METASPLOIT ruby WORKING POC
A51dev Activecollab Chat Module - Improper Input Validation
functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag, which is not properly handled when executing the preg_replace function with the eval switch.
CVE-2021-21972 METASPLOIT CRITICAL ruby WORKING POC
Vmware Cloud Foundation < 3.10.1.2 - Path Traversal
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server. This affects VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).
CVSS 9.8
CVE-2017-18357 METASPLOIT MEDIUM ruby WORKING POC
Shopware < 5.3.4 - XXE
Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.
CVSS 6.5
CVE-2011-5130 METASPLOIT ruby WORKING POC
Haudenschilt Family Connections Cms - Code Injection
dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.
CVE-2014-7205 METASPLOIT ruby WORKING POC
hapi Server Framework - Code Injection
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors.
CVE-2016-2555 METASPLOIT CRITICAL ruby WORKING POC
Atutor - SQL Injection
SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.
CVSS 9.8
CVE-2020-10189 METASPLOIT CRITICAL ruby WORKING POC
Zohocorp Manageengine Desktop Central - Insecure Deserialization
Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserialization of untrusted data in getChartImage in the FileStorage class. This is related to the CewolfServlet and MDMLogUploaderServlet servlets.
CVSS 9.8
CVE-2010-4417 METASPLOIT ruby WORKING POC
Oracle Fusion Middleware <2.0.1.3 - Info Disclosure
Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that voice-servlet/prompt-qa/Index.jspf does not properly handle null (%00) bytes in the evaluation parameter that is used in a filename, which allows attackers to create a file with an executable extension and execute arbitrary JSP code.
CVE-2017-11394 METASPLOIT CRITICAL ruby WORKING POC
Trendmicro Officescan - Improper Input Validation
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
CVSS 9.8
CVE-2016-0752 METASPLOIT HIGH ruby WORKING POC
Ruby on Rails Dynamic Render File Upload Remote Code Execution
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
CVSS 7.5
CVE-2002-2268 METASPLOIT ruby WORKING POC
Netdave Webster HTTP Server - Memory Corruption
Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.
CVE-2015-2284 METASPLOIT ruby WORKING POC
Solarwinds Firewall Security Manager < 6.6.5 - Access Control
userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling.
CVE-2021-26914 METASPLOIT HIGH ruby WORKING POC
Netmotionsoftware Netmotion Mobility - Insecure Deserialization
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject.
CVSS 8.1
CVE-2020-16952 METASPLOIT HIGH ruby WORKING POC
Microsoft SharePoint Server-Side Include and ViewState RCE
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p>
CVSS 8.6
CVE-2010-4321 METASPLOIT ruby WORKING POC
Novell Iprint Client - Memory Corruption
Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method.
CVE-2021-40539 METASPLOIT CRITICAL ruby WORKING POC
ManageEngine ADSelfService Plus CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
CVSS 9.8
CVE-2011-4034 METASPLOIT ruby WORKING POC
Steema TeeChart ActiveX < - Buffer Overflow
Buffer overflow in the Steema TeeChart ActiveX control, as used in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.
CVE-2011-0065 METASPLOIT ruby WORKING POC
Mozilla Firefox <3.5.19 & SeaMonkey <2.0.14 - Use After Free
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.
CVE-2011-2371 METASPLOIT ruby WORKING POC
Mozilla Seamonkey < 3.6.17 - Numeric Error
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
CVE-2010-5193 METASPLOIT ruby WORKING POC
Viscom Image Viewer CP Pro/Gold <8.0-6.0 - Buffer Overflow
Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit parameter.
CVE-2011-2110 METASPLOIT ruby WORKING POC
Adobe Flash Player <10.3.181.26-10.3.185.23 - RCE
Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.
CVE-2012-1876 METASPLOIT ruby WORKING POC
Microsoft Internet Explorer - Code Injection
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
CVE-2012-5896 METASPLOIT ruby WORKING POC
Quest InTrust <10.4.0.853 - RCE
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."
CVE-2011-4044 METASPLOIT ruby WORKING POC
ARC Informatique PcVue <10.0 - RCE
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.
CVE-2010-0356 METASPLOIT ruby WORKING POC
Viscomsoft Movie Player Pro SDK Activex - Memory Corruption
Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method.