Metasploit Exploits

3,315 exploits tracked across all sources.

Sort: Activity Stars
CVE-2005-3314 METASPLOIT ruby
Novell Netmail 3.5.2 - Remote Code Execution via IMAP Daemon Long Verb Arguments
Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 allows remote attackers to execute arbitrary code via "long verb arguments."
by MC
CVE-2004-1211 METASPLOIT ruby
Mercury/32 4.01a - Authenticated Buffer Overflow via IMAP Command Arguments
Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6) CLOSE, (7) EXPUNGE, (8) FETCH, (9) RENAME, (10) DELETE, (11) LIST, (12) SEARCH, (13) CREATE, or (14) UNSUBSCRIBE commands.
by MC
CVE-2005-1758 METASPLOIT ruby
Novell NetMail < 3.52C - Remote Code Execution via IMAP Command Continuation Buffer Overflow
Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code.
by MC
CVE-2005-2278 METASPLOIT ruby
MailEnable Professional 1.54 - Authenticated Stack-Based Buffer Overflow via IMAP Status Command
Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
by MC
CVE-2005-4267 METASPLOIT ruby
Qualcomm WorldMail 3.0 - Remote Code Execution via Long IMAP Command
Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" character, as demonstrated using long (1) LIST, (2) LSUB, (3) SEARCH TEXT, (4) STATUS INBOX, (5) AUTHENTICATE, (6) FETCH, (7) SELECT, and (8) COPY commands.
by MC, jduck
CVE-2005-0491 METASPLOIT ruby
Knox Arkeia Server Backup 5.3.x - Remote Code Execution via Type 77 Request
Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request.
by hdm
CVE-2008-2240 METASPLOIT ruby
IBM Lotus Domino - Stack-based Buffer Overflow via Accept-Language HTTP Header
Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header.
CVE-2010-3407 METASPLOIT ruby
IBM Lotus Domino <8.0.2 FP5-8.5.1 FP2 - RCE
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.
by A. Plaskett, sinn3r
CVE-2011-1213 METASPLOIT ruby
IBM Lotus Notes < 8.5.2.2 - Remote Code Execution via Crafted LZH Attachment
Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.
by binaryhouse.net
CVE-2008-2499 METASPLOIT ruby
IBM Lotus Sametime < 7.5.1 CF1 and 8.x < 8.0.1 - Remote Code Execution via Crafted URL
Stack-based buffer overflow in the Community Services Multiplexer (aka MUX or StMux.exe) in IBM Lotus Sametime 7.5.1 CF1 and earlier, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code via a crafted URL.
by aushack
CVE-2010-0266 METASPLOIT ruby
Microsoft Outlook 2002 SP3, 2003 SP3, 2007 SP1/SP2 - Remote Code Execution via SMB Attachment Handling
Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
CVE-2007-1765 METASPLOIT ruby
Microsoft Windows 2000 and 2003 Server - Remote Code Execution via Malformed ANI File
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
by hdm, skape
CVE-2010-0266 METASPLOIT ruby
Microsoft Outlook 2002 SP3, 2003 SP3, 2007 SP1/SP2 - Remote Code Execution via SMB Attachment Handling
Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
CVE-2002-1059 METASPLOIT ruby
SecureCRT < 3.4.6 and 4.x < 4.0 beta 3 - Remote Code Execution via Long SSH1 Protocol Version String
Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string.
CVE-2006-2407 METASPLOIT ruby
freeFTPd 1.0.10 - Stack-Based Buffer Overflow via Long Key Exchange Algorithm String
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.
CVE-2006-2407 METASPLOIT ruby
freeFTPd 1.0.10 - Stack-Based Buffer Overflow via Long Key Exchange Algorithm String
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.
CVE-2012-6066 METASPLOIT ruby
freeSSHd < 1.2.6 - Unauthenticated Authentication Bypass via Crafted Session
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
by Aris, kcope
CVE-2002-1359 METASPLOIT ruby
Cisco IOS - Denial of Service via Large SSH Packet Handling
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
CVE-2012-10060 METASPLOIT CRITICAL ruby
Sysax Multi Server <5.55 - Buffer Overflow
Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. When a remote attacker supplies an overly long username during authentication, the server copies the input to a fixed-size stack buffer without proper bounds checking. This allows remote code execution under the context of the service.
by Craig Freyman, sinn3r
CVSS 9.8
CVE-2008-1117 METASPLOIT ruby
Timbuktu Pro 8.6.5 - Path Traversal and Arbitrary File Write via Notes Feature
Directory traversal vulnerability in the Notes (aka Flash Notes or instant messages) feature in tb2ftp.dll in Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, allows remote attackers to upload files to arbitrary locations via a destination filename with a \ (backslash) character followed by ../ (dot dot slash) sequences. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-4220.
by MC
CVE-2005-1213 METASPLOIT ruby
Microsoft Outlook Express <6 SP1 - Buffer Overflow
Stack-based buffer overflow in the news reader for Microsoft Outlook Express (MSOE.DLL) 5.5 SP2, 6, and 6 SP1 allows remote malicious NNTP servers to execute arbitrary code via a LIST response with a long second field.
CVE-2008-5159 METASPLOIT ruby
Client Software WinCom LPD Total < 3.0.2.623 - Denial of Service via Large String Length Argument
Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.
CVE-2003-1141 METASPLOIT ruby
NIPrint 4.10 - Remote Code Execution via Long String to TCP Port 515
Buffer overflow in NIPrint 4.10 allows remote attackers to execute arbitrary code via a long string to TCP port 515.
by hdm
CVE-2005-1815 METASPLOIT ruby
Hummingbird Connectivity 10.0.0.1 and 9.0.0.4 - Buffer Overflow via FTP or LPD Command
Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 and 9.0.0.4 allows attackers to cause a denial of service and possibly execute arbitrary code via (1) an FTP command with a long argument to FTPD (ftpdw.exe) or (2) a large amount of data to LPD (Lpdw.exe).
by MC
CVE-2008-0621 METASPLOIT ruby
SAPLPD < 6.28 - Remote Code Execution via Long LPD Command Arguments
Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.
By Source
All 3,315 Writeup 62,482 Exploitdb 50,076 Nomisec 22,450 Github 3,674 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,597 ruby 6,006 c 3,631 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 133 go 73 postscript 25 typescript 25