Ruby Exploits

6,006 exploits tracked across all sources.

CVE-2019-17181 METASPLOIT CRITICAL ruby
intrasrv 1.0 - Remote SEH Buffer Overflow via HTTP GET or HEAD Request
A remote SEH buffer overflow has been discovered in IntraSrv 1.0 (2007-06-03). An attacker may send a crafted HTTP GET or HEAD request that can result in a compromise of the hosting system.
by xis_one
CVSS 9.8
CVE-2008-1365 METASPLOIT ruby
Trend Micro OfficeScan Corporate Edition <= 7.3 Patch 3 - Stack-Based Buffer Overflow
Stack-based buffer overflow in Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and earlier, and 7.3 Patch 3 build 1314 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long encrypted password, which triggers the overflow in (1) cgiChkMasterPwd.exe, (2) policyserver.exe as reachable through cgiABLogon.exe, and other vectors.
by toto
CVE-2020-27955 METASPLOIT CRITICAL ruby
Git Remote Code Execution via git-lfs (CVE-2020-27955)
Git LFS 2.12.0 allows Remote Code Execution.
by Dawid Golunski, space-r7, jheysel-r7
CVSS 9.8
CVE-2010-1555 METASPLOIT ruby
HP OpenView Network Node Manager <7.53 - Buffer Overflow
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter.
by MC
CVE-2025-34509 METASPLOIT HIGH ruby
Sitecore XP/XM 10.1-10.1.4, 10.2, 10.3-10.3.3, 10.4-10.4.1 - Unauthenticated RCE via Hardcoded Credentials
Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access the administrative API over HTTP.
by Piotr Bazydlo, msutovsky-r7
CVSS 7.5
CVE-2004-0798 METASPLOIT ruby
Ipswitch WhatsUp Gold <8.03.1 - RCE
Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter.
by MC
CVE-2022-23277 METASPLOIT HIGH ruby
Microsoft Exchange Server ChainedSerializationBinder RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
by pwnforsp, zcgonvh, Microsoft Threat Intelligence Center, Microsoft Security Response Center, peterjson, testanull, Grant Willcox, Spencer McIntyre, Markus Wulftange
CVSS 8.8
CVE-2023-40044 METASPLOIT CRITICAL ruby
WS_FTP Server < 8.7.4 - Unauthenticated Remote Code Execution via .NET Deserialization
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
by sfewer-r7
CVSS 10.0
CVE-2019-13372 METASPLOIT CRITICAL ruby
D-Link Central WiFi Manager < 1.03 - Unauthenticated Remote Code Execution via Cookie Injection
/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM(100) before v1.03R0100_BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication.
by M3@ZionLab from DBAppSecurity
CVSS 9.8
CVE-2010-1554 METASPLOIT ruby
HP OpenView Network Node Manager <7.53 - Buffer Overflow
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.
by MC
CVE-2010-20113 METASPLOIT CRITICAL ruby
EasyFTP Server < 1.7.0.12 - Unauthenticated Stack-based Buffer Overflow via list.html Path Parameter
EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.
by ThE g0bL!N
CVSS 9.8
CVE-2024-23692 METASPLOIT CRITICAL ruby
Rejetto HTTP File Server - Template injection
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
by sfewer-r7, Arseniy Sharoglazov
CVSS 9.8
CVE-2022-35405 METASPLOIT CRITICAL ruby
ManageEngine Password Manager Pro <12101 & PAM360 <5510 - RCE via Java Deserialization
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
by Vinicius, Y4er, Grant Willcox
CVSS 9.8
CVE-2017-13696 METASPLOIT CRITICAL ruby
Flexense Dupscout - Memory Corruption
A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation of the software will allow an attacker to gain complete access to the system with NT AUTHORITY / SYSTEM level privileges. The vulnerability is due to improper handling and sanitization of the incoming request.
by sickness, Chris Higgins
CVSS 9.8
CVE-2009-4178 METASPLOIT ruby
HP OpenView Network Node Manager <7.53 - Buffer Overflow
Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter.
by MC
CVE-2013-10047 METASPLOIT CRITICAL ruby
MiniWeb HTTP Server <= Build 300 - File Upload
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a malicious .exe in system32, followed by a .mof file in the WMI directory. This triggers execution of the payload with SYSTEM privileges via the Windows Management Instrumentation service. The exploit is only viable on Windows versions prior to Vista.
by AkaStep, bcoles
CVE-2021-27065 METASPLOIT HIGH ruby
Microsoft Exchange Server - Remote Code Execution via ProxyLogon
Microsoft Exchange Server Remote Code Execution Vulnerability
by Orange Tsai, Jang (@testanull), mekhalleh (RAMELLA Sébastien), Le Comptoir Secu, print(, ), lotusdll, Praetorian
CVSS 7.8
CVE-2008-0067 METASPLOIT ruby
HP OpenView Network Node Manager 7.01, 7.51, 7.53 - Remote Code Execution via Long String Parameters
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.
by MC
CVE-2019-10068 METASPLOIT CRITICAL ruby
Kentico <12.0.15, 11.0.48, 10.0.52, 9.x - Code Injection
An issue was discovered in Kentico 12.0.x before 12.0.15, 11.0.x before 11.0.48, 10.0.x before 10.0.52, and 9.x versions. Due to a failure to validate security headers, it was possible for a specially crafted request to the staging service to bypass the initial authentication and proceed to deserialize user-controlled .NET object input. This deserialization then led to unauthenticated remote code execution on the server where the Kentico instance was hosted.
by Manoj Cherukuri, Justin LeMay, aushack
CVSS 9.8
CVE-2023-24955 METASPLOIT HIGH ruby
Microsoft SharePoint Server - Remote Code Execution
Microsoft SharePoint Server Remote Code Execution Vulnerability
by Jang, jheysel-r7
CVSS 7.2
CVE-2008-4193 METASPLOIT ruby
Alt-N SecurityGateway 1.0.1 - Stack-Based Buffer Overflow via Long Username Parameter
Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter.
by jduck
CVE-2024-29824 METASPLOIT HIGH ruby
Ivanti EPM RecordGoodApp SQLi RCE
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
by James Horseman, Christophe De La Fuente
CVSS 8.8
CVE-2009-4769 METASPLOIT ruby
httpdx <1.5 - Remote Code Execution
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.
by jduck
CVE-2009-4179 METASPLOIT ruby
HP OpenView Network Node Manager <7.53 - Buffer Overflow
Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action.
by jduck
CVE-2015-0923 METASPLOIT ruby
Ektron Content Management System 8.5, 8.7 < 8.7sp2, 9.0 < sp1 - XML External Entity Injection via XSLT Parameter
The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.
by catatonicprime