Metasploit Exploits

3,189 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-1349 METASPLOIT ruby
Os4ed Opensis - Code Injection
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter.
by EgiX, bcoles
CVE-2014-10021 METASPLOIT ruby
Wpsymposiumpro WP Symposium - Unrestricted File Upload
Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in server/php/.
by Claudio Viviani, rastating
CVE-2019-6340 METASPLOIT HIGH ruby
Drupal < 8.5.11 - Insecure Deserialization
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
by Jasper Mattsson, Charles Fol, Rotem Reiss, wvu
CVSS 8.1
CVE-2008-6825 METASPLOIT ruby
Trixbox < 2.6.1 - Path Traversal
Directory traversal vulnerability in user/index.php in Fonality trixbox CE 2.6.1 and earlier allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the langChoice parameter.
by chao-mu
CVE-2014-5470 METASPLOIT CRITICAL ruby
Actual Analyzer <2014-08-29 - Code Injection
Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation.
by Benjamin Harris, bcoles
CVSS 9.8
CVE-2013-7102 METASPLOIT ruby
OptimizePress <1.61 - RCE
Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images_comingsoon, images_lncthumbs, or images_optbuttons in wp-content/uploads/optpress/, as exploited in the wild in November 2013.
by United of Muslim Cyber Army, Mekanismen
CVE-2012-6330 METASPLOIT ruby
Foswiki MAKETEXT Remote Command Execution
The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.
by Brian Carlson, juan vazquez
CVE-2023-26035 METASPLOIT HIGH ruby
ZoneMinder <1.36.33-1.37.33 - RCE
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.
by UnblvR, whotwagner
CVSS 7.2
CVE-2014-1691 METASPLOIT ruby
Horde <5.1.1 - Code Injection
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.
by EgiX, juan vazquez
CVE-2013-2010 METASPLOIT CRITICAL ruby
Automattic WP Super Cache < 1.2 - Injection
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
by Unknown, juan vazquez, hdm, Christian Mehlmauer
CVSS 9.8
CVE-2024-51378 METASPLOIT CRITICAL ruby
Cyberpanel < 2.3.8 - OS Command Injection
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
by DreyAnd, Valentin Lobstein, Luka Petrovic (refr4g)
CVSS 10.0
CVE-2011-4542 METASPLOIT ruby
Hastymail2 - SQL Injection
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.
by Bruno Teixeira, juan vazquez
CVE-2019-9624 METASPLOIT HIGH ruby
Webmin 1.900 - RCE
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.
by AkkuS <Özkan Mustafa Akkuş>
CVSS 7.8
CVE-2003-0990 METASPLOIT ruby
SquirrelMail 1.4.0 - GPG Plugin 1.1 - Command Injection
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.
CVE-2008-0506 METASPLOIT ruby
Coppermine Photo Gallery < 1.4.14 - Improper Input Validation
include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) before 1.4.15, when the ImageMagick picture processing method is configured, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) quality, (2) angle, or (3) clipval parameter to picEditor.php.
by Janek Vind, jduck
CVE-2012-6096 METASPLOIT ruby
Nagios < 3.4.3 - Memory Corruption
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.
CVE-2014-9567 METASPLOIT ruby
ProjectSend <r561 - RCE
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the upload/files/ or upload/temp/ directory.
by Fady Mohammed Osman, bcoles
CVE-2020-24186 METASPLOIT CRITICAL ruby
gVectors wpDiscuz <7.0.4 - RCE
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
by Chloe Chamberland, Hoa Nguyen - SunCSR
CVSS 10.0
CVE-2005-2847 METASPLOIT ruby
Barracuda Spam Firewall <3.1.17 - Command Injection
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
CVE-2005-0116 METASPLOIT ruby
Awstats < 6.3 - Improper Input Validation
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.
CVE-2005-10004 METASPLOIT HIGH ruby
Cacti <0.8.6-d - RCE
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute commands on the underlying operating system with the privileges of the web server process, potentially compromising system integrity.
CVSS 8.8
CVE-2013-10070 METASPLOIT CRITICAL ruby
PHP-Charts v1.0 - RCE
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
by AkaStep, bcoles
CVE-2014-4725 METASPLOIT ruby
MailPoet Newsletters <2.6.7 - Auth Bypass
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.
by Marc-Alexandre Montpas, Christian Mehlmauer
CVE-2015-10140 METASPLOIT HIGH ruby
Ajax Load More <2.8.1.2 - Auth Bypass
The Ajax Load More plugin before 2.8.1.2 does not have authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber, to upload and delete arbitrary files.
by PizzaHatHacker
CVSS 8.8
CVE-2015-1587 METASPLOIT ruby
Maarch LetterBox <2.8 - RCE
Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/.
by rastating
By Source
All 3,189 Exploitdb 50,121 Writeup 46,637 Nomisec 21,130 Metasploit 3,189 Github 2,236 Vulncheck_xdb 900 Inthewild 518 Gitlab 438 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,730 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 260 c++ 246 shell 68 go 41 postscript 25 xml 24