Graphite Web Unsafe Pickle Handling Exploit

This Metasploit module exploits a remote code execution vulnerability in the pickle handling of the rendering code in the Graphite Web project between version 0.9.5 and 0.9.10 both included. This file is part of the Metasploit Framework and may be subject to redistribution and commercial...

Graphite Web - Unsafe Pickle Handling (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Graphite Web Unsafe Pickle Handling',...

Foreman (Red Hat OpenStack/Satellite) Code Injection Vulnerability

This Metasploit module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions...

Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment

This module exploits a mass assignment vulnerability in the 'create' action of 'users' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier by creating an arbitrary administrator account. For this exploit to work, your account must have 'createusers' permission e.g....

Oracle Linux 5 : libsoup (ELSA-2009-0344)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2009-0344 advisory. 2.2.98-2.el5.1 - Add patch for RH bug 488030 CVE-2009-0585, soupbase64encode. Tenable has extracted the preceding description block directly from the Oracle Lin...

InstantCMS 1.6 Remote PHP Code Execution

This module exploits an arbitrary PHP command execution vulnerability because of a dangerous use of eval in InstantCMS in versions 1.6 and prior. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

Carberp Web Panel C2 Backdoor Remote PHP Code Execution

This module exploits backdoors that can be found all over the leaked source code of the Carberp botnet C2 Web Panel. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Carberp Web Panel C2 Backdoo...

SAP SOAP RFC - SXPG_COMMAND_EXECUTE Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ This module is based on, inspired by, or is a port of a...

SAP ConfigServlet Remote Unauthenticated Payload Execution

Exploit for windows platform in category remote exploits require 'msf/core' class Metasploit3 'SAP ConfigServlet Remote Code Execution', 'Description' = %q This module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. , 'Author' =...

SAP ConfigServlet - Remote Payload Execution (Metasploit)

require 'msf/core' class Metasploit3 'SAP ConfigServlet Remote Code Execution', 'Description' = %q This module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. , 'Author' = 'Dmitry Chastuhin', Vulnerability discovery based on the...

SAP ConfigServlet Remote Code Execution

This module allows remote code execution via operating system commands through the SAP ConfigServlet without any authentication. This module has been tested successfully with SAP NetWeaver 7.00 and 7.01 on Windows Server 2008 R2. This module requires Metasploit: https://metasploit.com/download...

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

STUNSHELL (Web Shell) - PHP Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'STUNSHELL Web Shell Remote PHP Code...

RHEL 5 / 6 : jakarta-commons-httpclient (RHSA-2013:0680)

An updated jakarta-commons-httpclient package for JBoss Enterprise Application Platform 5.2.0 which fixes one security issue is now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerabili...

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

TP-Link Wireless Lite N Access Point Directory Traversal Vulnerability

This module tests whether a directory traversal vulnerability is present in versions of TP-Link Access Point 3.12.16 Build 120228 Rel.37317n. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

Apache Struts ParametersInterceptor Remote Code Execution

This module exploits a remote command execution vulnerability in Apache Struts versions 'Apache Struts ParametersInterceptor Remote Code Execution', 'Description' = %q This module exploits a remote command execution vulnerability in Apache Struts versions 'Meder Kydyraliev', Vulnerability Discove...

Linux Manage Download and Execute

This module downloads and runs a file with bash. It first tries to uses curl as its HTTP client and then wget if it's not found. Bash found in the PATH is used to execute the file. This module requires Metasploit: https://metasploit.com/download Current source:...

Glossword 1.8.12 Arbitrary File Upload

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Glossword v1.8.8 ...