Metasploit Exploits

3,189 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-3435 METASPLOIT ruby
RKD Software Barcode Activex - Buffer Overflow
Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.
CVE-2010-1799 METASPLOIT ruby
Apple Quicktime - Memory Corruption
Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
by Krystian Kloskowski, jduck
CVE-2013-0025 METASPLOIT ruby
Microsoft Internet Explorer - Resource Management Error
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability."
CVE-2006-0476 METASPLOIT ruby
Nullsoft Winamp - Buffer Overflow
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
by hdm
CVE-2013-0634 METASPLOIT ruby
Adobe Flash Player <10.3.183.51-11.5.502.149 - RCE
Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.
by Unknown, Boris, Ryutin, juan vazquez
CVE-2012-2175 METASPLOIT ruby
IBM Lotus Inotes - Memory Corruption
Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument.
by Gaurav Baruah, juan vazquez
CVE-2008-4384 METASPLOIT ruby
Iseemedia Lpviewer - Memory Corruption
Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods.
by MC
CVE-2011-2882 METASPLOIT ruby
Citrix Access Gateway - Memory Corruption
Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.
by Michal Trojnara, bannedit, sinn3r
CVE-2007-5217 METASPLOIT ruby
Altnet Download Manager - Memory Corruption
Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in Altnet Download Manager 4.0.0.6, as used in (1) Kazaa 3.2.7 and (2) Grokster, allows remote attackers to execute arbitrary code via a long argument to the Install method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by MC
CVE-2008-5492 METASPLOIT ruby
VeryDOC PDF Viewer OCX Control <2.0.0.1 - Buffer Overflow
Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these details are obtained from third party information.
by MC
CVE-2010-4321 METASPLOIT ruby
Novell Iprint Client - Memory Corruption
Stack-based buffer overflow in an ActiveX control in ienipp.ocx in Novell iPrint Client 5.52 allows remote attackers to execute arbitrary code via a long argument to (1) the GetDriverSettings2 method, as reachable by (2) the GetDriverSettings method.
CVE-2012-3569 METASPLOIT ruby
Vmware Ovf Tool - Format String Vulnerability
Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.
by Jeremy Brown, juan vazquez
CVE-2012-0708 METASPLOIT ruby
IBM Rational ClearQuest <7.1.1.9, <7.1.2.6, <8.0.0.2 - Buffer Overflow
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.
by Andrea Micalizzi aka rgod, juan vazquez
CVE-2008-4385 METASPLOIT ruby
Systemrequirementslab System Requirements Lab - Code Injection
Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert Analysis, allows remote attackers to force the download and execution of arbitrary programs via by specifiying a malicious website argument to the Init method in (1) a certain ActiveX control (sysreqlab2.cab, sysreqlab.dll, sysreqlabsli.dll, or sysreqlab2.dll) and (2) a certain Java applet in RLApplet.class in sysreqlab2.jar or sysreqlab.jar.
by MC
CVE-2012-3753 METASPLOIT ruby
Apple Quicktime < 7.7.2 - Memory Corruption
Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type.
by Pavel Polischouk, juan vazquez
CVE-2010-3962 METASPLOIT HIGH ruby
Microsoft Internet Explorer - Use After Free
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
by unknown, Yuange, Matteo Memelli, jduck
CVSS 8.1
CVE-2013-3346 METASPLOIT CRITICAL ruby
Adobe Acrobat < 9.5.5 - Out-of-Bounds Write
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
by Soroush Dalili, Unknown, sinn3r, juan vazquez
CVSS 9.8
CVE-2009-20008 METASPLOIT HIGH ruby
Green Dam Youth Escort <3.17 - Buffer Overflow
Green Dam Youth Escort version 3.17 is vulnerable to a stack-based buffer overflow when processing overly long URLs. The flaw resides in the URL filtering component, which fails to properly validate input length before copying user-supplied data into a fixed-size buffer. A remote attacker can exploit this vulnerability by enticing a user to visit a specially crafted webpage containing a long URL, resulting in arbitrary code execution.
CVE-2007-5660 METASPLOIT ruby
Macrovision Flexnet Connect - Buffer Overflow
Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.
by MC
CVE-2013-0108 METASPLOIT ruby
Honeywell Enterprise Buildings Integrator - Code Injection
An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise Buildings Integrator (EBI) R310, R400.2, R410.1, and R410.2; SymmetrE R310, R410.1, and R410.2; ComfortPoint Open Manager (aka CPO-M) Station R100; and HMIWeb Browser client packages allows remote attackers to execute arbitrary code via a crafted HTML document.
by juan vazquez
CVE-2004-0363 METASPLOIT ruby
Norton AntiSpam 2004 - Buffer Overflow
Stack-based buffer overflow in the SymSpamHelper ActiveX component (symspam.dll) in Norton AntiSpam 2004, as used in Norton Internet Security 2004, allows remote attackers to execute arbitrary code via a long parameter to the LaunchCustomRuleWizard method.
by MC
CVE-2013-1690 METASPLOIT HIGH ruby
Mozilla Firefox < 22.0 - Memory Corruption
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
by Nils, Unknown, w3bd3vil, sinn3r, juan vazquez
CVSS 8.8
CVE-2013-3893 METASPLOIT HIGH ruby
Microsoft Internet Explorer - Use After Free
Use-after-free vulnerability in the SetMouseCapture implementation in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript strings, as demonstrated by use of an ms-help: URL that triggers loading of hxds.dll.
by Unknown, sinn3r, Rich Lundeen
CVSS 8.8
CVE-2012-4177 METASPLOIT ruby
UBI Uplay PC < 2.0.3 - OS Command Injection
The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.
CVE-2014-2206 METASPLOIT ruby
GetGo Download Manager <4.9.0.1982 - Buffer Overflow
Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long HTTP Response Header.
by Julien Ahrens, Gabor Seljan, bzyo, sinn3r
By Source
All 3,189 Exploitdb 50,121 Writeup 46,832 Nomisec 21,209 Metasploit 3,189 Github 2,268 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,746 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 73 go 41 postscript 25 xml 24