Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability

This module exploits an authentication bypass vulnerability in login.php. In conjunction with the authentication bypass issue, the 'jlist' parameter in propertybox.php can be used to execute arbitrary system commands. This module was tested against Oracle Secure Backup version 10.3.0.1.0 This...

Joomla 1.5 com_virtuemart <= 1.1.7 Blind time-based SQL Injection (MSF)

Exploit for php platform in category web applications Exploit Title: Joomla 1.5 comvirtuemart 'Joomla 1.5 VirtueMart Component %q A vulnerability was discovered by Rocco Calvi and Steve Seeley which identifies unauthenticated time-based blind SQL injection in the "page" variable of the virtuemart...

Joomla! Component com_virtuemart 1.1.7/1.5 - Blind SQL Injection (Metasploit)

Exploit Title: Joomla 1.5 comvirtuemart 'Joomla 1.5 VirtueMart Component %q A vulnerability was discovered by Rocco Calvi and Steve Seeley which identifies unauthenticated time-based blind SQL injection in the "page" variable of the virtuemart component. This vulnerability allows an attacker to...

HP OpenView Network Node Manager Toolbar.exe CGI Cookie Handling Buffer Overflow

This module exploits a stack buffer overflow in HP OpenView Network Node Manager 7.0 and 7.53. By sending a CGI request with a specially OvOSLocale cookie to Toolbar.exe, an attacker may be able to execute arbitrary code. Please note that this module only works against a specific build i.e. NNM...

Fedora Update for httpcomponents-client FEDORA-2011-7747

Check for the Version of httpcomponents-client OpenVAS Vulnerability Test Fedora Update for httpcomponents-client FEDORA-2011-7747 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

CVE-2011-1498

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

CVE-2011-1498

CVE-2011-1498 : Apache HttpClient (HttpComponents) 4.x release before 4.1.1 is vulnerable when used with an authenticating proxy; the Proxy-Authorization header is sent to the origin server, potentially logging sensitive credentials and exposing passwords. The description does not specify affecte...

Kleophatra v0.1.5 'TinyBrowser' File Upload Code Execution (meta)

Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...

Kleophatra 0.1.5 TinyBrowser File Upload Code Execution

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

Spreecommerce < 0.50.0 Arbitrary Command Execution

Exploit for unix platform in category remote exploits $Id: spreesearchlogicexec.rb 12397 2011-04-21 19:38:42Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more informatio...

HP NNM CGI webappmon.exe OvJavaLocale Buffer Overflow

$Id: hpnnmwebappmonovjavalocale.rb 12087 2011-03-23 03:39:12Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Citrix Access Gateway Command Execution

$Id: citrixaccessgatewayexec.rb 11873 2011-03-03 20:51:12Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

SAP Management Console getStartProfile

This module simply attempts to access the SAP startup profile through the SAP Management Console SOAP Interface. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Management Console...

Redmine SCM Repository Arbitrary Command Execution

$Id: redminescmexec.rb 11414 2010-12-25 14:43:13Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Redmine SCM Repository Arbitrary Command Execution

This module exploits an arbitrary command execution vulnerability in the Redmine repository controller. The flaw is triggered when a rev parameter is passed to the command line of the SCM tool without adequate filtering. This module requires Metasploit: https://metasploit.com/download Current...

ColdFusion 8.0.1 - Arbitrary File Upload / Execution (Metasploit)

$Id: coldfusionfckeditor.rb 11127 2010-11-24 19:35:38Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

SAP BusinessObjects Web User Bruteforcer

This module simply attempts to bruteforce SAP BusinessObjects users by using CmcApp. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP BusinessObjects Web User Bruteforcer', 'Description' =...

SAP BusinessObjects User Enumeration

This module simply attempts to enumerate SAP BusinessObjects users. The dswsbobje interface is only used to verify valid users for CmcApp. Therefore, any valid users that have been identified can be leveraged by logging into CmcApp. This module requires Metasploit: https://metasploit.com/download...