Metasploit Exploits
3,315 exploits tracked across all sources.
VMware Fusion <11.5.2 - Privilege Escalation
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
by h00die, Dhanesh Kizhakkinan, Rich Mirch, jeffball <[email protected]>, grimm
CVSS 7.8
Samba < 2.2.8a and 2.0.10 - Remote Code Execution via call_trans2open Buffer Overflow
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
by hdm, jduck
Samba 3.0.0-3.0.25rc3 - Buffer Overflow
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
by Ramon de C Valle
macOS < 10.11.1 - Unauthenticated AppleScript Execution Bypass
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.
by joev
Apple Safari - Remote Code Execution via File URL Policy Bypass
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
by Aaron Sigel, sinn3r
Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
by Genwei Jiang, bcook-r7
CVSS 9.8
Safari Proxy Object Type Confusion
In iOS before 11.4 and macOS High Sierra before 10.13.5, a memory corruption issue exists and was addressed with improved memory handling.
by saelo
CVSS 8.8
macOS Catalina <10.15.5 - Privilege Escalation
This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.5. An application may be able to gain elevated privileges.
CVSS 5.3
Apple Mac OS X 10.5.1 - Command Injection
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
macOS Gatekeeper check bypass
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited..
by Cedric Owens, timwr, Ferdous Saljooki, Jaron Bradley, Mickey Jin, Shelby Pace
CVSS 5.5
macOS X - Remote Code Execution via Safari Safe Files Download Feature
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
by hdm
Mozilla Firefox <3.5.19 & SeaMonkey <2.0.14 - Use After Free
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.
by regenrecht, Rh0
Apple QuickTime <7.3.1 - Buffer Overflow
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
Knox Arkeia Server Backup 5.3.x - Remote Code Execution via Type 77 Request
Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request.
by hdm
Mac OS X 10.4 - Unsafe Attachment Handling in Mail Download Validation
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
by hdm, kf
4D WebSTAR <5.3.2 - Buffer Overflow
Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 and earlier allows remote attackers to execute arbitrary code via a long FTP command.
by ddz, hdm
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
by Narendra Shinde
CVSS 6.6
IBM AIX 6.1/7.1 & VIOS 2.2.2.2-FP-26 SP-02 - Privilege Escalation
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
by Kristian Erik Hermansen
IBM AIX <7.4 - Privilege Escalation
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207.
by Tim Brown, bcoles
CVSS 8.4
xtacacsd < 4.1.2 - Remote Code Execution via Crafted CONNECT TACACS Command
Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command.
GNU inetutils < 1.9 - Remote Code Execution via Long Encryption Key
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified.
resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed.
by Lukas Johannes Möller, Kevin Day
CVSS 7.2
Juniper Junos OS Multiple Versions - Unauthenticated Remote Code Execution via PHPRC
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series
and SRX Series
allows an unauthenticated, network-based attacker to remotely execute code.
Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection und execution of code.
This issue affects Juniper Networks Junos OS on EX Series
and
SRX Series:
* All versions prior to
20.4R3-S9;
* 21.1 versions 21.1R1 and later;
* 21.2 versions prior to 21.2R3-S7;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions
prior to
22.1R3-S4;
* 22.2 versions
prior to
22.2R3-S2;
* 22.3 versions
prior to
22.3R2-S2, 22.3R3-S1;
* 22.4 versions
prior to
22.4R2-S1, 22.4R3;
* 23.2 versions prior to 23.2R1-S1, 23.2R2.
by Jacob Baines, Ron Bowes, jheysel-r7, Fabian Hafner
CVSS 9.8
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
by Mikhail Klyuchnikov, Project Zero India, TrustedSec, James Brytan, James Smith, Marisa Mack, Rob Vinson, Sergey Pashevkin, Steven Laura, mekhalleh (RAMELLA Sébastien)
CVSS 9.8
Citrix NetScaler ADC and Gateway - Unauthenticated Remote Code Execution
Unauthenticated remote code execution
by Ron Bowes, Douglass McKee, Spencer McIntyre, rwincey
CVSS 9.8
By Source