HP SiteScope issueSiebelCmd - Remote Code Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 /Apache-Coyote/ include REXML include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStagerVBS def...

Zimbra Collaboration Server LFI Vulnerability

This Metasploit module exploits a local file inclusion on Zimbra 8.0.2 and 7.2.2. The vulnerability allows an attacker to get the LDAP credentials from the localconfig.xml file. The stolen credentials allow the attacker to make requests to the service/admin/soap API. This can then be used to crea...

Synology DiskStation Manager SLICEUPLOAD Remote Command Execution

This Metasploit module exploits a vulnerability found in Synology DiskStation Manager DSM versions 4.x, which allows the execution of arbitrary commands under root privileges. The vulnerability is located in /webman/imageSelector.cgi, which allows to append arbitrary data to a given file using a ...

Zimbra Collaboration Server LFI

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 'Zimbra Collaboration Server LFI', 'Description' = %q This module exploits a local file inclusion on Zimbra...

HP SiteScope issueSiebelCmd Remote Code Execution

This module exploits a code execution flaw in HP SiteScope. The vulnerability exists in the APISiteScopeImpl web service, specifically in the issueSiebelCmd method, which allows the user to execute arbitrary commands without authentication. This module has been tested successfully on HP SiteScope...

HP LoadRunner EmulationAdmin Web Service Directory Traversal

This module exploits a directory traversal vulnerability in version 11.52 of HP LoadRunner. The vulnerability exists in the EmulationAdmin web service, specifically in the copyFileToServer method, allowing the upload of arbitrary files. This module has been tested successfully on HP LoadRunner...

Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection

This module exploits a SQL injection vulnerability in the "explorer" action of "miqpolicy" controller of the Red Hat CloudForms Management Engine 5.1 ManageIQ Enterprise Virtualization Manager 5.0 and earlier by changing the password of the target account to the specified password. This module...

Eaton Network Shutdown Module 3.21 PHP Code Injection

Eaton Network Shutdown module versions 3.21 and below suffer from a remote PHP code injection vulnerability. This is a python exploit for a previously disclosed finding. !/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage...

Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection

Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection !/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \...

Cisco Prime Data Center Network Manager Arbitrary File Upload

This Metasploit module exploits a code execution flaw in Cisco Data Center Network Manager. The vulnerability exists in processImageSave.jsp, which can be abused through a directory traversal and a null byte injection to upload arbitrary files. The autodeploy JBoss application server feature is...

WordPress OptimizePress Theme File Upload

This Metasploit module exploits a vulnerability found in the the Wordpress theme OptimizePress. The vulnerability is due to an insecure file upload on the media-upload.php component, allowing an attacker to upload arbitrary PHP code. This Metasploit module has been tested successfully on...

Cisco Prime Data Center Network Manager - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Cisco Prime Data Center Network Manager Arbitrary File Upload', 'Description' = %q This module exploits a code execution flaw in Cisc...

ABB MicroSCADA wserver.exe Remote Code Execution Vulnerability

Exploit for windows platform in category remote exploits require 'msf/core' class Metasploit3 'ABB MicroSCADA wserver.exe Remote Code Execution', 'Description' = %q This module exploits a remote stack buffer overflow vulnerability in ABB MicroSCADA. The issue is due to the handling of...

Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 EOS def initializeinfo= superupdateinfoinfo, 'Name' = "MS12-022 Microsoft Internet Explorer COALineDashStyleArray Unsafe Memory Access...

Apache Roller OGNL Injection Vulnerability

This Metasploit module exploits an OGNL injection vulnerability in Apache Roller 'Apache Roller OGNL Injection', 'Description' = %q This module exploits an OGNL injection vulnerability in Apache Roller 'Unknown', From coverity.com / Vulnerability discovery 'juan vazquez' Metasploit module ,...

Symantec Altiris DS - SQL Injection (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Symantec Altiris ...

HP Intelligent Management Center BIms UploadServlet - Directory Traversal (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 /Apache-Coyote/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initializeinfo = superupdateinfoinfo,...

HP Data Protector Cell Request Service Buffer Overflow

This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard Data Protector product. The vulnerability, due to the insecure usage of swprintf, exists at the Cell Request Service crs.exe when parsing packets with opcode 211. This Metasploit module has been tested successful...

HP Data Protector Cell Request Service Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'HP Data Protector Cell Request Servic...

Zabbix 2.0.8 SQL Injection and Remote Code Execution

This module exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an active session ID. If an administrator level user is identified, remote code execution can be gained by uploading and...