Metasploit Exploits

3,294 exploits tracked across all sources.

CVE-2014-0050 METASPLOIT ruby
Apache Commons FileUpload <1.3.1 - DoS
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
by Unknown, ribeirux
CVE-2011-4885 METASPLOIT ruby
PHP < 5.3.9 - Denial of Service via Hash Collision in Form Parameter Handling
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
by Alexander Klink, Julian Waelde, Scott A. Crosby, Dan S. Wallach, Krzysztof Kotowicz, Christian Mehlmauer
CVE-2016-10542 METASPLOIT HIGH ruby
WS < 1.1.0 - Denial of Service
ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.
by Ryan Knell (Sonatype Security Research), Nick Starke (Sonatype Security Research)
CVSS 7.5
CVE-2018-8065 METASPLOIT HIGH ruby
Flexense SyncBreeze Enterprise <10.6.24 - Memory Corruption
An issue was discovered in the web server in Flexense SyncBreeze Enterprise 10.6.24. There is a user mode write access violation on the syncbrs.exe memory region that can be triggered by rapidly sending a variety of HTTP requests with long HTTP header values or long URIs.
by Ege Balci
CVSS 7.5
CVE-2004-0331 METASPLOIT ruby
Dell OpenManage Web Server 3.4.0 - Buffer Overflow
Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via an HTTP POST with a long application variable.
by aushack
CVE-2015-1635 METASPLOIT CRITICAL ruby
MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
by Bill Finlayson, sinn3r
CVSS 9.8
CVE-2010-2227 METASPLOIT ruby
Apache Tomcat 5.5.0-5.5.29, 6.0.0-6.0.27, 7.0.0 beta - Denial of Service via Invalid Transfer-Encoding Header
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
by Steve Jones
CVE-2016-6896 METASPLOIT HIGH ruby
WordPress Traversal Directory DoS
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.
by Yorick Koster, CryptisStudents
CVSS 7.1
CVE-2018-11646 METASPLOIT HIGH ruby
WebKitGTK+ <2.21.3 - Use After Free
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.
by Dhiraj Mishra, Hardik Mehta, Zubin Devnani, Manuel Caballero
CVSS 7.5
CVE-2017-1129 METASPLOIT MEDIUM ruby
IBM Notes 8.5 and 9.0 - Denial of Service via Malicious Link
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.
by Dhiraj Mishra
CVSS 6.5
CVE-2013-4615 METASPLOIT ruby
Canon MG3100 MG5300 MG6100 MP495 MX340 MX870 MX890 MX920 MX922 - Denial of Service via LAN_TXT24 Parameter
The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers allow remote attackers to cause a denial of service (device hang) via a crafted LAN_TXT24 parameter to English/pages_MacUS/cgi_lan.cgi followed by a direct request to English/pages_MacUS/lan_set_content.html. NOTE: the vendor has apparently responded by stating "Canon believes that its printers will not have to deal with unauthorized access to the network from an external location as long as the printers are used in a secured environment."
by Matt
CVE-2012-4956 METASPLOIT ruby
Novell File Reporter <1.0.2 - Buffer Overflow
Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter 1.0.2 allows remote attackers to execute arbitrary code via a large number of VOL elements in an SRS record.
by juan vazquez
CVE-2017-16086 METASPLOIT HIGH ruby
ua-parser - Regular Expression Denial of Service via UserAgent Header
ua-parser is a port of Browserscope's user agent parser. ua-parser is vulnerable to a ReDoS (Regular Expression Denial of Service) attack when given a specially crafted UserAgent header.
by Ryan Knell (Sonatype Security Research), Nick Starke (Sonatype Security Research)
CVSS 7.5
CVE-2021-31806 METASPLOIT MEDIUM ruby
Squid < 4.15 and 5.x < 5.0.6 - Denial of Service via HTTP Range Request Processing
An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing.
by Joshua Rogers
CVSS 6.5
CVE-2013-4450 METASPLOIT ruby
Nodejs - Improper Input Validation
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.
by Marek Majkowski, titanous, joev
CVE-2011-3192 METASPLOIT ruby
Apache HTTP Server 1.3.x 2.0.35-2.0.64 2.2.0-2.2.19 - Denial of Service via Range Header Overlap
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
by Kingcope, Masashi Fujiwara
CVE-2019-5645 METASPLOIT HIGH ruby
Rapid7 Metasploit < 5.0.27 - Denial of Service via HTTP Handler Regular Expression Injection
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server.
by Jose Garduno (Dreamlab Technologies AG), Angelo Seiler (Dreamlab Technologies AG)
CVSS 7.5
CVE-2008-3656 METASPLOIT ruby
Ruby < 1.8.5 - Denial of Service via WEBrick HTTP Header Parsing
Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.
CVE-2019-19494 METASPLOIT HIGH ruby
Broadcom based cable modems - Buffer Overflow
Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11.
by Alexander Dalsgaard Krog (Lyrebirds), Jens Hegner Stærmose (Lyrebirds), Kasper Kohsel Terndrup (Lyrebirds), Simon Vandel Sillesen (Independent), Nicholas Starke
CVSS 8.8
CVE-2004-2691 METASPLOIT ruby
3Com SuperStack 3 4400 Switch < 3.31 - Denial of Service via Web Management Interface
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.
by aushack
CVE-2013-4164 METASPLOIT ruby
Ruby 1.8 1.9-1.9.3-p484 2.0-2.0.0-p353 2.1-2.1.0 preview2 - Heap-based Buffer Overflow via String to Float Conversion
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
by Charlie Somerville, joev, todb
CVE-2014-5266 METASPLOIT ruby
WordPress < 3.9.2 - Denial of Service via Large XML Document in IXR Library
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote attackers to cause a denial of service (CPU consumption) via a large document, a different vulnerability than CVE-2014-5265.
by Nir Goldshlager, Christian Mehlmauer
CVE-2019-19833 METASPLOIT MEDIUM ruby
Tautulli 2.1.9 - Cross-Site Request Forgery via /shutdown Endpoint
In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).
CVSS 6.5
CVE-2010-0425 METASPLOIT ruby
IBM WebSphere Application Server 6.1-6.1.0.30 - Remote Code Execution via ISAPI Module Orphaned Callback Pointers
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
by Brett Gervasoni, jduck
CVE-2017-1130 METASPLOIT MEDIUM ruby
IBM Notes 8.5-9.0 - Denial of Service via Malicious Link
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes, which would cause the client to hang and have to be restarted. IBM X-Force ID: 121371.
by Dhiraj Mishra
CVSS 6.5