Metasploit Exploits
3,314 exploits tracked across all sources.
HP OpenView Network Node Manager <7.51 - RCE
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe.
by MC
Paessler PRTG Network Monitor < 23.3.86.1520 - Authenticated Command Injection
A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor, where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high, and it received a score of 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVSS 7.2
Apache HTTP Server 1.3-1.3.24 & 2.0-2.0.36 - DoS & RCE via Chunk-Encoded Request
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
by hdm, jduck
HP OpenView Network Node Manager 7.01, 7.51, 7.53 - Remote Code Execution via Long Template or Oid Parameter
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.
by MC
Microsoft SQL Server Reporting Services - Remote Code Execution via ViewState Deserialization
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
by Soroush Dalili, Spencer McIntyre
CVSS 8.8
HP OpenView Network Node Manager 7.51 and 7.53 - Remote Code Execution via Long Invalid Option to jovgraph.exe
Buffer overflow in the error handling functionality in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long, invalid option to jovgraph.exe.
by jduck
Sybase EAServer 4.2.5-5.2 - Authenticated Stack-Based Buffer Overflow via TreeAction.do Javascript Parameter
Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter.
by Unknown
HPE Intelligent Management Center < 7.3 - Remote Code Execution via Untrusted Data Deserialization
A remote code execution vulnerability was found in HPE Intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier.
by Steven Seeley (mr_me) of Offensive Security
CVSS 9.8
Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization
Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization.
by Dylan Pindur, machang-r7
CVSS 5.3
Serviio Media Server <1.8 - Command Injection
An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parameter that is passed unsanitized to a call to cmd.exe, enabling arbitrary command execution under the privileges of the web server. No authentication is required to exploit this issue, as the REST API is exposed by default and lacks access controls.
Ivanti Avalanche < 6.3.4.153 - Unrestricted Upload of File with Dangerous Type
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution.
by Piotr Bazydlo, Shelby Pace
CVSS 7.2
Advantech iView <5.7.03.6112 - Code Execution
Access to the configuration of Advantech iView versions prior to v5.7.03.6112 is missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution.
by wvu, Spencer McIntyre
CVSS 9.8
Cogent Real-Time Systems - Buffer Overflow
Stack-based buffer overflow in the web server in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long HTTP header.
Novell eDirectory 8.x-8.8.x - Remote Code Execution via Long HTTP Host Header or Dot in Username
Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services.
RabidHamster R4 v1.25 - Buffer Overflow
RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server process.
by Luigi Auriemma, sinn3r
SAP DB - Remote Code Execution via Stack-Based Buffer Overflow in waHTTP.exe
Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields."
by MC
PSOProxy 0.91 - Buffer Overflow via Long HTTP Request
Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request, as demonstrated using a long (1) GET argument or (2) method name.
by aushack
Sergey Lyubka Simple HTTPD <1.34 - RCE
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
Trend Micro OfficeScan 11 and XG (12) - Remote Code Execution via Proxy.php T Parameter
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
by mr_me, Mehmet Ince
CVSS 9.8
Sambar Server <6.0 - Buffer Overflow
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.
by hdm
Microsoft Exchange Server - Privilege Escalation
Microsoft Exchange Server Elevation of Privilege Vulnerability
by Orange Tsai, Jang (@testanull), PeterJson, brandonshi123, mekhalleh (RAMELLA Sébastien), Donny Maasland, Rich Warren, Spencer McIntyre, wvu
CVSS 9.0
MyLittleAdmin 3.8 - Unauthenticated Remote Code Execution via Hardcoded MachineKey
The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.
by Spencer McIntyre, wvu
CVSS 9.8
Disk Sorter Enterprise <9.5.12 - RCE
A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request.
by Daniel Teixeira
CVSS 9.8
ManageEngine ADAudit Plus CVE-2022-28219
Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.
by Naveen Sunkavally, Ron Bowes
CVSS 9.8
Kaseya KServer <6.3.0.2 - File Upload
An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Due to the lack of authentication and input sanitization, an attacker can upload a file with an .asp extension to a web-accessible directory, which can then be invoked to execute arbitrary code with the privileges of the IUSR account. The vulnerability enables remote code execution without prior authentication and was resolved in version 6.3.0.2 by removing the vulnerable uploadImage.asp endpoint.
by Thomas Hibbert