osCommerce Installer Unauthenticated Code Execution

If the /install/ directory was not removed, it is possible for an unauthenticated attacker to run the "install4.php" script, which will create the configuration file for the installation. This allows the attacker to inject PHP code into the configuration file and execute it. This module requires...

ManageEngine Applications Manager 13.5 - Remote Code Execution Exploit

Exploit for java platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager Remote Code Execution", 'Description' = %q This module...

GitStack Unsanitized Argument RCE

This module exploits a remote code execution vulnerability that exists in GitStack through v2.3.10, caused by an unsanitized argument being passed to an exec function call. This module has been tested on GitStack v2.3.10. This module requires Metasploit: https://metasploit.com/download Current...

GoAhead Web Server LD_PRELOAD Arbitrary Module Load

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GoAhead Web Server LDPRELOAD Arbitrary Module Load', 'Description' = %q This module triggers an arbitrary shared library load vulnerability in...

phpCollab 2.5.1 - File Upload (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'phpCollab 2.5.1 Unauthenticated File Upload', 'Description' = %q This module exploits a file upload vulnerability in phpCollab 2.5.1 which could ...

D-Link DNS-320L 'mydlinkBRionyg' Backdoor

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "D-Link DNS-320L 'mydlinkBRionyg' Backdoor", 'Description' = %q This module exploits two issues. The first issue is that there is a hard coded...

Dup Scout Enterprise 10.0.18 Buffer Overflow Exploit

This Metasploit module exploits a stack buffer overflow in Dup Scout Enterprise version 10.0.18. The buffer overflow exists via the web interface during login. This gives NT AUTHORITY\SYSTEM access. This module requires Metasploit: https://metasploit.com/download Current source:...

Dup Scout Enterprise 10.0.18 Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dup Scout Enterprise Login Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in Dup Scout Enterprise 10.0.18. The...

D-Link DIR-850L Unauthenticated Command Execution Exploit

This Metasploit module leverages an unauthenticated credential disclosure vulnerability to execute arbitrary commands on DIR-850L routers as an authenticated user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework requi...

Web Viewer 1.0.0.193 (Samsung SRN-1670D) File Upload

Exploit Title: Unrestricted file upload vulnerability - Web Viewer 1.0.0.193 on Samsung SRN-1670D Date: 2017-06-19 Exploit Author: Omar MEZRAG - 0xFFFFFF / www.realistic-security.com Vendor Homepage: https://www.hanwhasecurity.com Version: Web Viewer 1.0.0.193 on Samsung SRN-1670D Tested on: Web...

Mako Server 2.5 - OS Command Injection Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mako Server v2.5 OS Command Injection RCE', 'Description' = %q This module exploits a vulnerability found in Mako Server v2.5. It's possible to...

SSRF vulnerability in Recurly gem's Resource#find.

If you are using the find method on any of the classes that are derived from the Resource class and you are passing user input into that method, a malicious user can force the http client to reach out to a server under their control. This can lead to leakage of your private API key. Because of th...

OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751)

It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additiona...

HTTP Client in JIRA does not accept RFC6265 compliant date format in "Expires" cookie header

When using AWS Application Load Balancer, the following WARN log messages are shown in the logs, as JIRA does not understand the "Expires" header used for sticky sessions. code:java 2017-09-27 01:44:47,292 HealthCheck:thread-7 WARN o.a.h.client.protocol.ResponseProcessCookies Invalid cookie heade...

Carel PlantVisor 2.4.4 Directory Traversal

require 'msf/core' class MetasploitModule 'Carel Pl@ntVisor Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in Carel Pl@ntVisor 'james fitts' , 'License' = MSFLICENSE, 'References' = 'CVE', '2011-3487' , 'BID', '49601' , , 'DisclosureDate' =...

EMC CMCNE 11.2.1 - FileUploadController Remote Code Execution Exploit

Exploit for java platform in category remote exploits require 'msf/core' class MetasploitModule 'EMC CMCNE FileUploadController Remote Code Execution', 'Description' = %q This module exploits a fileupload vulnerability found in EMC Connectrix Manager Converged Network Edition MSFLICENSE, 'Author'...

Cloudview NMS 2.00b - Arbitrary File Upload (Metasploit)

Cloudview NMS 2.00b - Arbitrary File Upload Metasploit require 'msf/core' class MetasploitModule 'Cloudview NMS File Upload', 'Description' = %q This module exploits a file upload vulnerability found within Cloudview NMS 'james fitts' , 'License' = MSFLICENSE, 'References' = 'URL', '0day' ,...

Cloudview NMS < 2.00b - Arbitrary File Upload Exploit

Exploit for windows platform in category remote exploits require 'msf/core' class MetasploitModule 'Cloudview NMS File Upload', 'Description' = %q This module exploits a file upload vulnerability found within Cloudview NMS 'james fitts' , 'License' = MSFLICENSE, 'References' = 'URL', '0day' ,...

Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure (Metasploit)

require 'msf/core' class MetasploitModule 'Carel Pl@ntVisor Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in Carel Pl@ntVisor 'james fitts' , 'License' = MSFLICENSE, 'References' = 'CVE', '2011-3487' , 'BID', '49601' , , 'DisclosureDate' =...

Trend Micro Control Manager - ImportFile Directory Traversal RCE Exploit

Exploit for windows platform in category remote exploits require 'msf/core' require 'msf/core/exploit/phpexe' class MetasploitModule 'Trend Micro Control Manager importFile Directory Traversal RCE', 'Description' = %q This module exploits a directory traversal vulnerability found in Trend Micro...