Return-oriented programming (ROP) is an exploit technique that populates the stack with return addresses, each returns to an existing code fragment (known as a gadget) that executes a few instructions before performing a return instruction. Chaining together, these gadgets allow attackers to perform arbitrary operations on a machine.
Return-oriented programming is more powerful than more primitive buffer overflow exploits because it bypasses the usual OS and hardware restriction of not allowing the stack to be executable.