Hashicorp Consul Remote Command Execution via Services API

This module exploits Hashicorp Consul's services API to gain remote command execution on Consul nodes. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hashicorp Consul Remote Command Execution...

Docker Server Version Scanner

This module attempts to identify the version of a Docker Server running on a host. If you wish to see all the information available, set VERBOSE to true. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

phpMyAdmin Authenticated Remote Code Execution

phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1. This module requires Metasploit: https://metasploit.com/download Current source:...

Quest KACE Systems Management - Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Quest KACE Systems Management Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Quest KACE Systems...

phpMyAdmin 4.x Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'phpMyAdmin Authenticated Remote Code Execution', 'Description' = %q phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before...

CVE-2017-16129

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...

CVE-2017-16129

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...

DEBIAN-CVE-2017-16129

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...

Cross site request forgery (csrf)

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...

CVE-2017-16129

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...

CVE-2017-16129

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...

CVE-2017-16129

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive...

CVE-2017-16026

Request is an http client. If a request is made using multipart, and the body type is a number, then the specified number of non-zero memory is passed in the body. This affects Request =2.2.6 2.51.0 =2.67.0...

Cross site request forgery (csrf)

Request is an http client. If a request is made using multipart, and the body type is a number, then the specified number of non-zero memory is passed in the body. This affects Request =2.2.6 2.51.0 =2.67.0...

CVE-2017-16026

Request is an http client. If a request is made using multipart, and the body type is a number, then the specified number of non-zero memory is passed in the body. This affects Request =2.2.6 2.51.0 =2.67.0...

CVE-2017-16026

The CVE-2017-16026 issue affects the Node.js request module: when making a multipart request and the body is a number, the specified amount of non-zero memory may be disclosed to the recipient. Affected versions are 2.2.6 through 2.47.0 and 2.51.0 through 2.67.0. Root cause is a memory exposure i...

CVE-2017-16026

Request is an http client. If a request is made using multipart, and the body type is a number, then the specified number of non-zero memory is passed in the body. This affects Request =2.2.6 2.51.0 =2.67.0...

CVE-2017-16026

Request is an http client. If a request is made using multipart, and the body type is a number, then the specified number of non-zero memory is passed in the body. This affects Request =2.2.6 2.51.0 =2.67.0...

Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mantis manageprojpage PHP Code Execution', 'Description' = %q Mantis v1.1.3 and earlier are vulnerable to a post-authentication Remote Code...

Drupal Drupalgeddon 2 Forms API Property Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal Drupalgeddon 2 Forms API Property Injection', 'Description' = %q This module exploits a Drupal property injection in the Forms API. Drupal...