sinn3r

411 exploits Active since Dec 2002
CVE-2019-0232 METASPLOIT HIGH ruby WORKING POC
Apache Tomcat 7.0.0-7.0.93, 8.5.0-8.5.39, 9.0.0.M1-9.0.17 - Remote Code Execution via CGI Servlet
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
CVSS 8.1
CVE-2009-3999 METASPLOIT ruby WORKING POC
HP Power Manager <4.2.10 - Buffer Overflow
Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.
CVE-2007-2699 METASPLOIT ruby WORKING POC
BEA WebLogic Express/WebLogic Server 9.0-9.1 - Privilege Escalation
The Administration Console in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not properly enforce certain Domain Security Policies, which allows remote administrative users in the Deployer role to upload arbitrary files.
CVE-2002-2268 METASPLOIT ruby WORKING POC
Webster HTTP Server - Remote Code Execution via Long URL
Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.
CVE-2012-3274 METASPLOIT ruby WORKING POC
HP Intelligent Management Center < 5.1 - Stack-based Buffer Overflow in User Access Manager
Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data.
CVE-2011-0266 METASPLOIT ruby WORKING POC
HP OpenView Network Node Manager 7.51 and 7.53 - Buffer Overflow via Long nameParams Parameter
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2.
CVE-2009-2685 METASPLOIT ruby WORKING POC
HP Power Manager - Stack-based Buffer Overflow via Login Variable
Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
CVE-2010-4417 METASPLOIT ruby WORKING POC
Oracle Fusion Middleware <2.0.1.3 - Info Disclosure
Unspecified vulnerability in the Services for Beehive component in Oracle Fusion Middleware 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, and 2.0.1.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that voice-servlet/prompt-qa/Index.jspf does not properly handle null (%00) bytes in the evaluation parameter that is used in a filename, which allows attackers to create a file with an executable extension and execute arbitrary JSP code.
CVE-2015-2284 METASPLOIT ruby WORKING POC
SolarWinds Firewall Security Manager < 6.6.5 - Remote Code Execution via Client Session Handling
userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling.
CVE-2019-5420 METASPLOIT CRITICAL ruby WORKING POC
Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.
CVSS 9.8
CVE-2012-10038 METASPLOIT CRITICAL ruby WORKING POC
Auxilium RateMyPet - Unauthenticated Arbitrary File Upload via Banner Upload Feature
Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. The banner upload feature fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files. These files are stored in a web-accessible /banners/ directory and can be executed directly, resulting in remote code execution.
CVE-2012-10049 METASPLOIT CRITICAL ruby WORKING POC
WebPageTest < 2.6 - Remote Code Execution via Unrestricted File Upload in resultimage.php
WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.
CVE-2009-0920 METASPLOIT ruby WORKING POC
HP Network Node Manager 7.01, 7.51, 7.53 - Stack-Based Buffer Overflow via OvOSLocale Cookie
Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067.
CVE-2011-3360 METASPLOIT ruby WORKING POC
Wireshark <1.4.9, <1.6.2 - Privilege Escalation
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.
CVE-2011-1996 METASPLOIT ruby WORKING POC
Microsoft Internet Explorer <9 - RCE
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."
CVE-2013-3184 METASPLOIT ruby WORKING POC
Microsoft Internet Explorer <10 - Code Injection
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2012-4792 METASPLOIT HIGH ruby WORKING POC
Microsoft Internet Explorer <9 - Use After Free
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
CVSS 8.8
CVE-2008-2683 METASPLOIT ruby WORKING POC
Black Ice Barcode SDK - Arbitrary File Write via BIDIB.BIDIBCtrl.1 DownloadImageFileURL Method
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.
CVE-2012-1889 METASPLOIT HIGH ruby WORKING POC
Microsoft XML Core Services 3.0, 4.0, 5.0, 6.0 - Remote Code Execution via Uninitialized Memory Access
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVSS 8.8
CVE-2013-3205 METASPLOIT ruby WORKING POC
Microsoft Internet Explorer <9 - Code Injection
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2012-1535 METASPLOIT HIGH ruby WORKING POC
Adobe Flash Player < 11.3.300.271 - Remote Code Execution via Crafted SWF Content
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
CVSS 7.8
CVE-2013-1017 METASPLOIT ruby WORKING POC
Apple QuickTime < 7.7.4 - Remote Code Execution via Crafted Dref Atoms
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file.
CVE-2012-0003 METASPLOIT HIGH ruby WORKING POC
Windows Multimedia Library - Remote Code Execution via Crafted MIDI File
Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
CVSS 8.1
CVE-2013-10057 METASPLOIT HIGH ruby WORKING POC
Synactis PDF In-The-Box ActiveX - Buffer Overflow
A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. When a long string is passed to this method—intended to populate the ldCmdLine argument of a WinExec call—a strcpy operation overwrites a saved TRegistry class pointer on the stack. This allows remote attackers to execute arbitrary code in the context of the user by enticing them to visit a malicious webpage that instantiates the vulnerable ActiveX control. The vulnerability was discovered via its use in third-party software such as Logic Print 2013.
CVE-2012-4924 METASPLOIT ruby WORKING POC
ASUS Net4Switch 1.0.0020 - Buffer Overflow
Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.