Metasploit Exploits

3,315 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-4850 METASPLOIT ruby
Awingsoft Awakening Winds3D Viewer Plugin 3.5.0.9 - Remote Code Execution via SceneURL Property
The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.
by jduck
CVE-2012-4876 METASPLOIT ruby
TRENDnet SecurView TV-IP121WN - Buffer Overflow
Stack-based buffer overflow in the UltraMJCam ActiveX Control in TRENDnet SecurView TV-IP121WN Wireless Internet Camera allows remote attackers to execute arbitrary code via a long string to the OpenFileDlg method.
by rgod, sinn3r
CVE-2010-0483 METASPLOIT ruby
Microsoft Windows VBScript - Remote Code Execution via MsgBox Help File Argument
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
by Maurycy Prodeus, jduck
CVE-2009-1568 METASPLOIT ruby
Novell iPrint Client 5.30 - Stack-based Buffer Overflow via Long Target-Frame Parameter
Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client 5.30, and possibly other versions before 5.32, allows remote attackers to execute arbitrary code via a long target-frame parameter.
by jduck
CVE-2014-8440 METASPLOIT ruby
Adobe Flash Player <13.0.0.252/14.x-15.x<15.0.0.223 - RCE/DoS via Memory Corruption
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441.
by Nicolas Joly, Unknown, juan vazquez
CVE-2011-0609 METASPLOIT HIGH ruby
Adobe Flash Player AVM Bytecode Verification Vulnerability
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
by bannedit, Unknown
CVSS 7.8
CVE-2009-2011 METASPLOIT ruby
Worldweaver DX Studio Player <3.0.29.1 - RCE
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.
by jduck
CVE-2010-1885 METASPLOIT ruby
Windows XP and Windows Server 2003 - Remote Code Execution via Malformed hcp:// URL
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
by Tavis Ormandy, natron
CVE-2006-5198 METASPLOIT ruby
WinZip 10.0 - Remote Code Execution via WZFILEVIEW.FileViewCtrl.61 ActiveX Control
The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."
CVE-2009-3033 METASPLOIT ruby
Symantec Altiris Deployment Solution Buffer Overflow via AeXNSConsoleUtilities.dll
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
by MC
CVE-2012-2516 METASPLOIT ruby
GE Intelligent Platforms - Command Injection
An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability."
CVE-2014-6332 METASPLOIT HIGH ruby
Microsoft Windows - Remote Code Execution via SafeArrayDimen Function
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."
by Robert Freeman, yuange, Rik van Duijn, Wesley Neelen
CVSS 8.8
CVE-2007-4607 METASPLOIT ruby
Quiksoft EasyMail SMTP Object <6.0.1 - Buffer Overflow
Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61 and other products, allows remote attackers to execute arbitrary code via a long argument to the SubmitToExpress method, a different vulnerability than CVE-2007-1029. NOTE: this may have been fixed in version 6.0.3.15.
by MC
CVE-2019-5786 METASPLOIT MEDIUM ruby
Google Chrome < 72.0.3626.121 - Use-After-Free in Blink via Crafted HTML Page
Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
by Clement Lecigne, István Kurucsai, timwr
CVSS 6.5
CVE-2009-0187 METASPLOIT ruby
Orbit Downloader <2.8.5 - Buffer Overflow
Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message.
by MC
CVE-2008-4830 METASPLOIT ruby
SAP GUI 6.40 Patch 29 and 7.10 Patch 5 - Arbitrary File Write and Read via KWEdit ActiveX Control
Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method.
by MC
CVE-2006-6063 METASPLOIT ruby
XMPlay < 3.3.0.5 - Stack-Based Buffer Overflow via M3U File
Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allows remote attackers to execute arbitrary code via a M3U file containing a long (1) FileName, and cause a crash via a long (2) DisplayName.
CVE-2010-0805 METASPLOIT ruby
Microsoft Internet Explorer <6 - RCE
The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."
by Unknown, jduck
CVE-2011-10028 METASPLOIT HIGH ruby
RealArcade 2.6.0.445 ActiveX - Exec Method Command Execution
The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation or restrictions. This platform was sometimes referred to or otherwise known as RealArcade or Arcade Games and has since consolidated with RealNetworks' platform, GameHouse.
by rgod, sinn3r
CVE-2012-1876 METASPLOIT ruby
Microsoft Internet Explorer 6-9 and 10 Consumer Preview - Remote Code Execution via Col Element Handling
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
by Alexandre Pelletier
CVE-2012-0754 METASPLOIT HIGH ruby
Adobe Flash Player <10.3.183.15, <11.1.102.62 - Memory Corruption
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
by Alexander Gavrun, sinn3r, juan vazquez
CVSS 8.1
CVE-2012-2176 METASPLOIT ruby
IBM Lotus Quickr 8.2 - Remote Code Execution via Long Argument to Attachment_Times or Import_Times Method
Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method.
by Gaurav Baruah, juan vazquez
CVE-2010-5193 METASPLOIT ruby
Viscom Image Viewer CP Pro/Gold <8.0-6.0 - Buffer Overflow
Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit parameter.
by Dr_IDE
CVE-2013-3897 METASPLOIT HIGH ruby
Internet Explorer 6-11 - Remote Code Execution via CDisplayPointer Use-After-Free
Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka "Internet Explorer Memory Corruption Vulnerability."
by Unknown, sinn3r
CVSS 8.8
CVE-2010-20119 METASPLOIT HIGH ruby
CommuniCrypt Mail <=1.16 - Buffer Overflow
CommuniCrypt Mail versions up to and including 1.16 contains a stack-based buffer overflow vulnerability in its ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically within the AddAttachments() method. This method fails to properly validate the length of input strings, allowing data to exceed the bounds of a fixed-size stack buffer. When invoked with an overly long string, the control can corrupt adjacent memory structures, including exception handlers, leading to potential control flow disruption.
by Lincoln, dookie
By Source
All 3,315 Writeup 62,466 Exploitdb 50,076 Nomisec 22,446 Github 3,667 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,592 ruby 6,006 c 3,631 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 133 go 73 postscript 25 typescript 25