Metasploit Exploits

3,314 exploits tracked across all sources.

Sort: Activity Stars
CVE-2005-4411 METASPLOIT ruby
Mercury Mail Transport System <4.01b - RCE
Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105.
CVE-2009-3853 METASPLOIT ruby
IBM Tivoli Storage Manager 5.3-5.3.6.6, 5.4-5.4.2, 5.5-5.5.2.1, 6.1-6.1.0.1 - Remote Code Execution
Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.
by jduck
CVE-2016-2004 METASPLOIT CRITICAL ruby
HPE Data Protector <7.03_108,8.x<8.15,9.x<9.06 - RCE
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2623.
by Jon Barg, Ian Lovering
CVSS 9.8
CVE-2004-1317 METASPLOIT ruby
Netcat for Windows 1.1 - Buffer Overflow
Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command.
CVE-2007-6166 METASPLOIT ruby
Apple QuickTime <7.3.1 - Buffer Overflow
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
CVE-2022-3218 METASPLOIT CRITICAL ruby
Necta WiFi Mouse Server - Remote Code Execution via Client-Side Authentication Bypass
Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
by h00die, REDHATAUGUST, H4RK3NZ0
CVSS 9.8
CVE-2012-2020 METASPLOIT ruby
HP Operations Agent <11.03.12 - RCE
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326.
by Luigi Auriemma, juan vazquez
CVE-2017-17968 METASPLOIT CRITICAL ruby
NetTransport Download Manager < 2.96l - Remote Code Execution via Long HTTP Response
A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.
by Lincoln, dookie
CVSS 9.8
CVE-2012-2611 METASPLOIT ruby
SAP NetWeaver 7.0 EHP1 and EHP2 - Remote Code Execution via DiagTraceR3Info Function
The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2, when a certain Developer Trace configuration is enabled, allows remote attackers to execute arbitrary code via a crafted SAP Diag packet.
by Martin Gallo, juan vazquez
CVE-2010-1549 METASPLOIT ruby
HP LoadRunner < 9.50 and Performance Center < 9.50 - Remote Code Execution
Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors.
by Unknown, aushack
CVE-2015-7387 METASPLOIT ruby
ManageEngine EventLog Analyzer < 10.6 - SQL Injection via event/runQuery.do Query Parameter
ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass intended restrictions and execute arbitrary SQL commands via an allowed query followed by a disallowed one in the query parameter to event/runQuery.do, as demonstrated by "SELECT 1;INSERT INTO." Fixed in Build 11200.
CVE-2008-2286 METASPLOIT ruby
Symantec Altiris Deployment Solution 6.8.x-6.9.x - SQL Injection via Notification Packet String Fields
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.
by Brett Moore, 3v0lver
CVE-2013-2492 METASPLOIT ruby
Firebird <2.1.5-2.5.3 - Buffer Overflow
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.
CVE-2011-0922 METASPLOIT ruby
HP Data Protector - Remote Code Execution via EXEC_SETUP Command
The client in HP Data Protector allows remote attackers to execute arbitrary programs via an EXEC_SETUP command that references a UNC share pathname.
by Ben Turner
CVE-2011-1865 METASPLOIT ruby
HP OpenView Storage Data Protector <6.20 - Buffer Overflow
Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.
by Oren Isacson, muts, dookie, sinn3r
CVE-2015-7450 METASPLOIT CRITICAL ruby
IBM Sterling B2B Integrator - Remote Code Execution via Apache Commons Collections Deserialization
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
by Liatsis Fotios @liatsisfotios
CVSS 9.8
CVE-2022-3229 METASPLOIT CRITICAL ruby
Unified Remote < 3.11.0.2483 - Unauthenticated Remote Code Execution via Web Management Interface
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.
by h00die, H4RK3NZ0
CVSS 9.8
CVE-2007-5243 METASPLOIT ruby
InterBase 8.0.0.53-8.1.0.253 & WI 5.1.1.680-8.1.0.257 - Remote Code Execution via Stack Overflow
Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 through 8.1.0.253, and WI 5.1.1.680 through 8.1.0.257, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attach or (b) INET_connect function, (2) a long create request on TCP port 3050 to the (c) isc_create_database or (d) jrd8_create_database function, (3) a long attach request on TCP port 3050 to the (e) isc_attach_database or (f) PWD_db_aliased function, or unspecified vectors involving the (4) jrd8_attach_database or (5) expand_filename2 function.
by Ramon de C Valle
CVE-2011-10022 METASPLOIT HIGH ruby
SPlayer < 3.7 (Build 2055) - Stack-Based Buffer Overflow via HTTP Content-Type Header
SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code. Exploitation requires the victim to open a media file that triggers an HTTP request to a malicious server, which responds with a crafted Content-Type header.
CVE-2012-0124 METASPLOIT ruby
HP Data Protector Express 5.0.00-59287 and 6.0.00-11974 - Remote Code Execution or Denial of Service
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.
by juan vazquez, sinn3r
CVE-2018-6481 METASPLOIT CRITICAL ruby
Flexense Disksavvy - Memory Corruption
A buffer overflow vulnerability in the control protocol of Disk Savvy Enterprise v10.4.18 allows remote attackers to execute arbitrary code by sending a crafted packet to TCP port 9124.
by Daniel Teixeira
CVSS 9.8
CVE-2014-100015 METASPLOIT ruby
SolidWorks Workgroup PDM 2014 - Unauthenticated Path Traversal and Arbitrary File Write via File Upload
Directory traversal vulnerability in pdmwService.exe in SolidWorks Workgroup PDM 2014 allows remote attackers to write to arbitrary files via a .. (dot dot) in the filename in a file upload.
CVE-2009-10006 METASPLOIT CRITICAL ruby
UFO: Alien Invasion <= 2.2.1 - Stack-based Buffer Overflow in IRC Client via Crafted 001 Message
UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC connection handling and does not require user interaction beyond launching the game.
by Jason Geffner, dookie
CVE-2023-31902 METASPLOIT CRITICAL ruby
RPA Technology Mobile Mouse 3.6.0.4 - RCE
RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).
by h00die, CHOKRI HAMMEDI
CVSS 9.8
CVE-2009-4660 METASPLOIT ruby
BigAnt IM Server 2.50 - Buffer Overflow
Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows remote attackers to execute arbitrary code via a long GET request to TCP port 6660.
by Lincoln, DouBle_Zer0, jduck
By Source
All 3,314 Writeup 62,302 Exploitdb 50,076 Nomisec 22,417 Github 3,632 Metasploit 3,314 Vulncheck_xdb 929 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,573 ruby 6,005 c 3,628 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 229 shell 131 go 73 postscript 25 typescript 25