Metasploit Exploits

3,315 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-4798 METASPLOIT ruby
HP LoadRunner < 11.52 - Remote Code Execution
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.
by Brian Gorenc, juan vazquez
CVE-2010-2883 METASPLOIT HIGH ruby
Adobe Reader/Acrobat <9.4-8.2.5 - Buffer Overflow
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
by Unknown, sn0wfl0w, jduck
CVSS 7.3
CVE-2007-3147 METASPLOIT ruby
Yahoo! Messenger - Buffer Overflow in Webcam Upload ActiveX Control
Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.
by MC
CVE-2007-1559 METASPLOIT ruby
Roxio CinePlayer 3.2 - Remote Code Execution via Long Property Values or Method Arguments
Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via (1) unspecified long property values to SonicMediaPlayer.dll or (2) long arguments to unspecified methods in SonicMediaPlayer.dll.
CVE-2007-4474 METASPLOIT ruby
IBM Lotus Domino Web Access 6.x-7.x - Remote Code Execution via Long General_ServerName Property
Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.
CVE-2007-5603 METASPLOIT ruby
SonicWall SSL-VPN < 2.1 - Stack-Based Buffer Overflow via NetExtender NELaunchCtrl AddRouteEntry Method
Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method.
by MC
CVE-2010-3275 METASPLOIT ruby
VideoLAN VLC Media Player <1.1.8 - RCE
libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."
by sinn3r
CVE-2012-4924 METASPLOIT ruby
ASUS Net4Switch 1.0.0020 - Buffer Overflow
Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.
by Dmitriy Evdokimov, sinn3r
CVE-2012-1775 METASPLOIT ruby
VLC media player < 2.0.1 - Remote Code Execution via Crafted MMS Stream
Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream.
by Florent Hochwelker, sinn3r, juan vazquez
CVE-2012-4598 METASPLOIT ruby
McAfee Virtual Technician <6.4 - RCE
An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site.
by rgod, sinn3r
CVE-2010-3765 METASPLOIT CRITICAL ruby
Mozilla Firefox 3.5.x-3.5.14 and 3.6.x-3.6.11 - Remote Code Execution via nsCSSFrameConstructor
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
by unknown, scriptjunkie
CVSS 9.8
CVE-2014-0307 METASPLOIT ruby
Microsoft Internet Explorer 9 - Use After Free
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a certain sequence of manipulations of a TextRange element, aka "Internet Explorer Memory Corruption Vulnerability."
by Jason Kratzer, sinn3r
CVE-2010-3189 METASPLOIT ruby
Trend Micro Internet Security Pro 2010 - RCE
The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.
CVE-2010-1818 METASPLOIT ruby
Apple QuickTime - Remote Code Execution via Untrusted Pointer Unmarshalling
The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.
by Ruben Santemarta, jduck
CVE-2007-6016 METASPLOIT ruby
Symantec Backup Exec for Windows Server <12.0.1364 - Buffer Overflow
Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, or (19) _MonthText11 property value when executing the Save method. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control.
CVE-2009-3459 METASPLOIT HIGH ruby
Adobe Acrobat < 9.1.3 - Remote Code Execution via Crafted PDF File
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.
by unknown, jduck, jabra
CVSS 8.8
CVE-2012-0284 METASPLOIT ruby
Cisco Linksys PlayerPT <1.0.0.15 - Buffer Overflow
Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument).
by rgod, juan vazquez
CVE-2012-0779 METASPLOIT ruby
Adobe Flash Player <10.3.183.19-11.2.202.235 - RCE
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.
by sinn3r, juan vazquez
CVE-2013-2551 METASPLOIT HIGH ruby
Microsoft Internet Explorer <10 - RCE
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
by Nicolas Joly, 4B5F5F4B, juan vazquez, sinn3r
CVSS 8.8
CVE-2008-0015 METASPLOIT HIGH ruby
Microsoft Windows 2003 Server and XP - Remote Code Execution via MPEG2TuneRequest ActiveX Control
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
CVSS 8.8
CVE-2015-0318 METASPLOIT ruby
Adobe Flash Player < 13.0.0.269 and 14.x-16.x < 16.0.0.305 - Remote Code Execution
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330.
by Mark Brand, sinn3r
CVE-2009-3693 METASPLOIT ruby
Persits XUpload - Path Traversal via MakeHttpRequest Method
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.
by jduck
CVE-2007-0038 METASPLOIT ruby
Microsoft Windows 2000 SP4 through Vista - Remote Code Execution via Animated Cursor RIFF File
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.
by hdm, skape
CVE-2009-3672 METASPLOIT ruby
Microsoft Internet Explorer 6 and 7 - Remote Code Execution via STYLE Tag Memory Corruption
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054.
CVE-2008-5711 METASPLOIT ruby
Facebook PhotoUploader <5.0.14.0 - Buffer Overflow
Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value.
by MC
By Source
All 3,315 Writeup 62,466 Exploitdb 50,076 Nomisec 22,446 Github 3,667 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,592 ruby 6,006 c 3,631 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 133 go 73 postscript 25 typescript 25