Metasploit Exploits

3,294 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-9034 METASPLOIT ruby
WordPress Long Password DoS
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.
by Javier Nieto Arevalo, Andres Rojas Guerrero, rastating
CVE-2017-16249 METASPLOIT HIGH ruby
Brother DCP-J132W Firmware < 1.20 - Denial of Service via Malformed HTTP POST Request
The Debut embedded http server contains a remotely exploitable denial of service where a single malformed HTTP POST request can cause the server to hang until eventually replying (~300 seconds) with an HTTP 500 error. While the server is hung, print jobs over the network are blocked and the web interface is inaccessible. An attacker can continuously send this malformed request to keep the device inaccessible to legitimate traffic.
by z00n <[email protected]>, h00die
CVSS 7.5
CVE-2003-0694 METASPLOIT ruby
Sendmail Advanced Message Server - Remote Code Execution via Prescan Buffer Overflow
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
by aushack
CVE-2013-4124 METASPLOIT ruby
Samba 3.x-3.5.21, 3.6.x-3.6.16, 4.x-4.0.7 - Denial of Service via Malformed NTTRANS Packet
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
by Jeremy Allison, dz_lnly
CVE-2007-2446 METASPLOIT ruby
Samba 3.0.0-3.0.25rc3 - Buffer Overflow
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
by hdm
CVE-2007-2446 METASPLOIT ruby
Samba 3.0.0-3.0.25rc3 - Buffer Overflow
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3) LsarAddPrivilegesToAccount (lsa_io_privilege_set), (4) NetSetFileSecurity (sec_io_acl), or (5) LsarLookupSids/LsarLookupSids2 (lsa_io_trans_names).
by hdm
CVE-2002-1214 METASPLOIT ruby
Microsoft PPTP Service - Buffer Overflow
Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
by aushack
CVE-2010-2156 METASPLOIT ruby
ISC DHCP 4.0-4.0.2 and 4.1-4.1.1 - Denial of Service via Zero-Length Client ID
ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.
by sid, theLightCosine
CVE-2017-8779 METASPLOIT HIGH ruby
rpcbind < 0.2.4 - Denial of Service via Crafted UDP Packet
rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0.2-rc3, and NTIRPC through 1.4.3 do not consider the maximum RPC data size during memory allocation for XDR strings, which allows remote attackers to cause a denial of service (memory consumption with no subsequent free) via a crafted UDP packet to port 111, aka rpcbomb.
by guidovranken
CVSS 7.5
CVE-2022-46770 METASPLOIT HIGH ruby
Mirage Firewall 0.8.0-0.8.3 - Denial of Service via Crafted Multicast UDP Packet
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255).
CVSS 7.5
CVE-2015-5374 METASPLOIT ruby
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service
A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module : All versions < V1.03; Firmware variant IEC 104 for EN100 Ethernet module : All versions < V1.21; EN100 Ethernet module included in SIPROTEC Merging Unit 6MU80 : All versions < 1.02.02. Specially crafted packets sent to port 50000/UDP could cause a denial-of-service of the affected device. A manual reboot may be required to recover the service of the device.
by M. Can Kurnaz
CVE-2011-4050 METASPLOIT ruby
7T IGSS 9.0.0.11200 - Buffer Overflow
Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11200 allows remote attackers to cause a denial of service via a crafted packet to TCP port 12401.
by jfa
CVE-2017-7924 METASPLOIT HIGH ruby
DoS Exploitation of Allen-Bradley
An Improper Input Validation issue was discovered in Rockwell Automation MicroLogix 1100 controllers 1763-L16BWA, 1763-L16AWA, 1763-L16BBB, and 1763-L16DWD. A remote, unauthenticated attacker could send a single, specially crafted Programmable Controller Communication Commands (PCCC) packet to the controller that could potentially cause the controller to enter a DoS condition.
CVSS 7.5
CVE-2011-3486 METASPLOIT ruby
Beckhoff TwinCAT <2.11.0.2004 - DoS
Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read.
by Luigi Auriemma, jfa
CVE-2014-0781 METASPLOIT ruby
Yokogawa CENTUM CS 3000 < R3.09.50 - Remote Code Execution via Crafted UDP Packets
Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.
by juan vazquez
CVE-2011-0762 METASPLOIT ruby
vsftpd < 2.3.3 - Authenticated Denial of Service via Glob Expression in STAT Command
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
CVE-2017-3881 METASPLOIT CRITICAL ruby
Cisco - Remote Code Execution
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.
by Artem Kondratenko
CVSS 9.8
CVE-2000-0380 METASPLOIT ruby
Cisco IOS 11.1-12.1 - Denial of Service via URL with %% String
The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.
by aushack
CVE-2015-5477 METASPLOIT ruby
ISC BIND 9.x <9.9.7-P2, 9.10.x <9.10.2-P3 - DoS
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
by Jonathan Foote, throwawayokejxqbbif, wvu
CVE-2016-2776 METASPLOIT HIGH ruby
Oracle Linux < 9.9.9 - Improper Input Validation
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
by Martin Rocha, Ezequiel Tavella, Alejandro Parodi, Infobyte Research Team
CVSS 7.5
CVE-2020-8617 METASPLOIT HIGH ruby
BIND 9.0.0-9.11.17 - Denial of Service via TSIG Key Assertion Failure
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results.
by Tobias Klein, Shuto Imai
CVSS 7.5
CVE-2009-1730 METASPLOIT ruby
NetMechanica NetDecision TFTP Server 4.2 - Path Traversal and Arbitrary File Write via GET or PUT Command
Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command.
by Rob Kraus, juan vazquez
CVE-2011-4722 METASPLOIT ruby
Ipswitch TFTP Server 1.0.0.24 - Path Traversal via RRQ Filename Field
Directory traversal vulnerability in the TFTP Server 1.0.0.24 in Ipswitch WhatsUp Gold allows remote attackers to read arbitrary files via a .. (dot dot) in the Filename field of an RRQ operation.
by Prabhu S Angadi, sinn3r, juan vazquez
CVE-2013-3319 METASPLOIT ruby
SAP Netweaver 7.03 - Info Disclosure
The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128.
CVE-2010-0738 METASPLOIT MEDIUM ruby
JBoss JMX Console Deployer Upload and Execute
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
by Chris John Riley
CVSS 5.3
By Source
All 3,294 Writeup 61,945 Exploitdb 50,073 Nomisec 22,305 Github 3,493 Metasploit 3,294 Vulncheck_xdb 926 Inthewild 514 Gitlab 470 Gitee 415 Patchapalooza 312
By Language
text 31,383 python 6,504 ruby 5,984 c 3,620 perl 2,849 html 2,071 php 1,331 bash 462 java 370 c++ 256 javascript 228 shell 127 go 72 postscript 25 typescript 25