Exploitdb Exploits

2,689 exploits tracked across all sources.

CVE-2017-9232 EXPLOITDB CRITICAL ruby VERIFIED
Juju < 1.25.12, 2.0.x < 2.0.4, 2.1.x < 2.1.3 - Privilege Escalation via UNIX Domain Socket
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
by Metasploit
CVSS 9.8
CVE-2010-3856 EXPLOITDB ruby VERIFIED
glibc < 2.11.3 and 2.12.x < 2.12.2 - Privilege Escalation via LD_AUDIT Environment Variable
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
by Metasploit
CVE-2010-3847 EXPLOITDB ruby VERIFIED
glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
by Metasploit
CVE-2017-0146 EXPLOITDB HIGH ruby VERIFIED
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148.
by Metasploit
CVSS 8.8
CVE-2017-0143 EXPLOITDB HIGH ruby VERIFIED
Microsoft Windows SMBv1 - Remote Code Execution via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
by Metasploit
CVSS 8.8
CVE-2017-0147 EXPLOITDB HIGH ruby VERIFIED
Microsoft Windows - SMBv1 Information Disclosure via Crafted Packets
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via crafted packets, aka "Windows SMB Information Disclosure Vulnerability."
by Metasploit
CVSS 7.5
CVE-2015-1318 EXPLOITDB ruby VERIFIED
Apport <2.17.1 - Privilege Escalation
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
by Metasploit
CVE-2016-1542 EXPLOITDB HIGH ruby VERIFIED
BMC BladeLogic Server Automation <8.7 - Auth Bypass
The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and enumerate users by sending an action packet to xmlrpc after an authorization failure.
by Metasploit
CVSS 7.5
CVE-2016-1543 EXPLOITDB HIGH ruby VERIFIED
BMC BladeLogic Server Automation <8.8 - Auth Bypass
The RPC API in the RSCD agent in BMC BladeLogic Server Automation (BSA) 8.2.x, 8.3.x, 8.5.x, 8.6.x, and 8.7.x on Linux and UNIX allows remote attackers to bypass authorization and reset arbitrary user passwords by sending an action packet to xmlrpc after an authorization failure.
by Metasploit
CVSS 7.5
CVE-2017-10271 EXPLOITDB HIGH ruby VERIFIED
Oracle WebLogic wls-wsat Component Deserialization RCE
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
by Metasploit
CVSS 7.5
CVE-2017-16928 EXPLOITDB HIGH ruby
Arq < 5.10 - Local Privilege Escalation via Crafted Update URL
The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip.
by Mark Wadham
CVSS 7.8
CVE-2017-7310 EXPLOITDB HIGH ruby VERIFIED
DiskBoss < 8.9 - Buffer Overflow via Import Command XML Name Attribute
A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a long name attribute of a classify element.
by Metasploit
CVSS 7.8
CVE-2017-14143 EXPLOITDB CRITICAL ruby VERIFIED
Kaltura Server < mercury-13.1.0 - Remote Code Execution via Hardcoded Cookie Secret
The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcoded cookie secret to validate cookie signatures, which allows remote attackers to bypass an intended protection mechanism and consequently conduct PHP object injection attacks and execute arbitrary PHP code via a crafted userzone cookie.
by Metasploit
CVSS 9.8
CVE-2017-17562 EXPLOITDB HIGH ruby VERIFIED
Embedthis GoAhead <3.6.5 - Remote Code Execution
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.
by Metasploit
CVSS 8.1
CVE-2017-1000486 EXPLOITDB CRITICAL ruby
Primefaces Remote Code Execution Exploit
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution.
by Bjoern Schuette
CVSS 9.8
CVE-2017-18047 EXPLOITDB CRITICAL ruby VERIFIED
LabF nfsAxe 3.7 - Buffer Overflow via Long FTP Reply
Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP servers to execute arbitrary code via a long reply.
by Metasploit
CVSS 9.8
CVE-2017-6090 EXPLOITDB HIGH ruby VERIFIED
PhpCollab < 2.5.1 - Authenticated Arbitrary File Upload via Client Logo Upload
Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.
by Metasploit
CVSS 8.8
CVE-2017-5817 EXPLOITDB CRITICAL ruby VERIFIED
HPE Intelligent Management Center < 7.3 - Remote Code Execution
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
by Metasploit
CVSS 9.8
CVE-2017-5816 EXPLOITDB CRITICAL ruby VERIFIED
HPE Intelligent Management Center < 7.3 - Remote Code Execution
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.
by Metasploit
CVSS 9.8
EIP-2026-112532 EXPLOITDB ruby
Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit)
by James Bercegay
EIP-2026-118379 EXPLOITDB ruby VERIFIED
Commvault Communications Service (cvd) - Command Injection (Metasploit)
by Metasploit
CVE-2017-15222 EXPLOITDB CRITICAL ruby VERIFIED
nftp < 2.0 - Remote Code Execution via Buffer Overflow
Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows remote attackers to execute arbitrary code.
by Metasploit
CVSS 9.8
EIP-2026-103034 EXPLOITDB ruby VERIFIED
VMware Workstation - ALSA Config File Local Privilege Escalation (Metasploit)
by Metasploit
CVE-2017-16666 EXPLOITDB HIGH ruby VERIFIED
Xplico < 1.2.1 - Unauthenticated Remote Code Execution via PCAP File Upload
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.
by Mehmet Ince
CVSS 8.8
CVE-2017-17411 EXPLOITDB CRITICAL ruby
Linksys WVBR0 < 1.0.41 - Unauthenticated Remote Code Execution via Web Management Portal
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Was ZDI-CAN-4892.
by Metasploit
CVSS 9.8