Metasploit Exploits

3,315 exploits tracked across all sources.

Sort: Activity Stars
CVE-2016-0051 METASPLOIT HIGH ruby
Microsoft Windows - Local Privilege Escalation via WebDAV Client
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
by Tamas Koczka
CVSS 7.8
CVE-2020-5752 METASPLOIT HIGH ruby
Druva inSync inSyncCPHwnet64.exe RPC Type 5 Privilege Escalation
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
by Chris Lyne, Matteo Malvica, bcoles
CVSS 7.8
CVE-2005-2287 METASPLOIT ruby
SoftiaCom wMailServer 1.0 and 2.0 - Denial of Service via Large TCP Packet with Leading Space
SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a denial of service (application crash) via a large TCP packet with a leading space, possibly triggering a buffer overflow.
by MC
CVE-2003-0714 METASPLOIT ruby
Exchange Server 5.5 and 2000 - Denial of Service via SMTP Extended Verb Request
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.
by hdm, aushack
CVE-2017-6416 METASPLOIT CRITICAL ruby
SysGauge 1.5.18 - Buffer Overflow via SMTP Service Ready String
An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
by Chris Higgins, Peter Baris
CVSS 9.8
CVE-2004-1558 METASPLOIT ruby
YPOPs! 0.4-0.6 - Stack-Based Buffer Overflow via Long POP3 USER Command or SMTP Request
Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request.
CVE-2011-4040 METASPLOIT ruby
NJStar Communicator MiniSmtp 3.0.11818 - Remote Code Execution via Crafted Packet
Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows remote attackers to execute arbitrary code via a crafted packet.
by Dillon Beresford
CVE-2004-1638 METASPLOIT ruby
MailCarrier 2.51 - Buffer Overflow via EHLO Command
Buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long (1) EHLO and possibly (2) HELO command.
by aushack
CVE-2007-4440 METASPLOIT ruby
MercuryS SMTP <4.51 - Buffer Overflow
Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, allows remote attackers to execute arbitrary code via a long AUTH CRAM-MD5 string. NOTE: this might overlap CVE-2006-5961.
by MC
CVE-2014-0569 METASPLOIT ruby
Adobe Flash Player < 13.0.0.250, 14.x-15.x < 15.0.0.189, < 11.2.202.411 - Remote Code Execution via Integer Overflow
Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors.
by bilou, juan vazquez
CVE-2011-3659 METASPLOIT ruby
Mozilla Firefox <4.10 - Use After Free
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
by regenrecht
CVE-2007-4466 METASPLOIT ruby
Electronic Arts SnoopyCtrl - Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCtrl ActiveX control (NPSnpy.dll) allow remote attackers to execute arbitrary code via unspecified methods and parameters.
by MC
CVE-2013-1017 METASPLOIT ruby
Apple QuickTime < 7.7.4 - Remote Code Execution via Crafted Dref Atoms
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file.
by Jason Kratzer, Tom Gallagher, Paul Bates, sinn3r
CVE-2012-1889 METASPLOIT HIGH ruby
Microsoft XML Core Services 3.0, 4.0, 5.0, 6.0 - Remote Code Execution via Uninitialized Memory Access
Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
by inking26, binjo, sinn3r, juan vazquez
CVSS 8.8
CVE-2006-1359 METASPLOIT ruby
Microsoft Internet Explorer <7 - RCE/DoS
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
CVE-2013-1493 METASPLOIT ruby
Oracle JRE < 1.7.0 - Remote Code Execution via Crafted Image Raster Parameters
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
by Unknown, juan vazquez
CVE-2008-3558 METASPLOIT ruby
Cisco WebEx Meeting Manager <20.2008.2606.4919 - Buffer Overflow
Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.
by Tobias Klein, Elazar Broad, Guido Landi, jduck
CVE-2006-2086 METASPLOIT ruby
JuniperSetup Control - Buffer Overflow via ProductName Parameter
Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter.
CVE-2013-3184 METASPLOIT ruby
Microsoft Internet Explorer <10 - Code Injection
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
by corelanc0d3r, sinn3r
CVE-2009-0075 METASPLOIT ruby
Microsoft Internet Explorer 7 - Uninitialized Memory Corruption
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2011-1996 METASPLOIT ruby
Microsoft Internet Explorer <9 - RCE
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Option Element Remote Code Execution Vulnerability."
by Ivan Fratric, juan vazquez, sinn3r
CVE-2010-3653 METASPLOIT ruby
Adobe Shockwave Player < 11.5.9.615 - Remote Code Execution via Crafted rcsL Chunk
The Director module (dirapi.dll) in Adobe Shockwave Player before 11.5.9.615 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted rcsL chunk containing a field whose value is used as a pointer offset, as exploited in the wild in October 2010. NOTE: some of these details are obtained from third party information.
by David Kennedy
CVE-2010-4452 METASPLOIT ruby
Oracle Java SE/Jav for Bus <6 - Info Disclosure
Unspecified vulnerability in the Deployment component in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
by Frederic Hoguin, jduck
CVE-2018-1000006 METASPLOIT HIGH ruby
Electron < 1.7.11 - Remote Code Execution via Protocol Handler
GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution if the user clicks on a specially crafted URL. This has been fixed in versions 1.8.2-beta.4, 1.7.11, and 1.6.16.
by Wflki, Daniel Teixeira
CVSS 8.8
CVE-2011-3658 METASPLOIT ruby
Mozilla Firefox <8.0, Thunderbird <8.0, SeaMonkey <2.5 - DoS
The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements.
by regenrecht
By Source
All 3,315 Writeup 62,427 Exploitdb 50,076 Nomisec 22,443 Github 3,665 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,591 ruby 6,006 c 3,630 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 133 go 73 postscript 25 typescript 25