Apple Quicktime 7 Invalid Atom Length Buffer Overflow

This module exploits a vulnerability found in Apple Quicktime. The flaw is triggered when Quicktime fails to properly handle the data length for certain atoms such as 'rdrf' or 'dref' in the Alis record, which may result a buffer overflow by loading a specially crafted .mov file, and allows...

Corel PDF Fusion Stack Buffer Overflow

This module exploits a stack-based buffer overflow vulnerability in version 1.11 of Corel PDF Fusion. The vulnerability exists while handling a XPS file with long entry names. In order for the payload to be executed, an attacker must convince the target user to open a specially crafted XPS file...

Apache Rave User Information Disclosure

This module exploits an information disclosure in Apache Rave 0.20 and prior. The vulnerability exists in the RPC API, which allows any authenticated user to disclose information about all the users, including their password hashes. In order to authenticate, the user can provide his own...

Microsoft to patch Six critical Remote Code Execution vulnerabilities this Tuesday

Microsoft has announced Patch Tuesday for this July Month, with seven bulletins. Out of that, one is important kernel privilege escalation flaw and six critical Remote Code Execution vulnerabilities. Patch will address vulnerabilities in Microsoft Windows, .Net Framework, Silverlight and will app...

ABBS Audio Media Player .LST Buffer Overflow

Exploit for windows platform in category local exploits require 'msf/core' class Metasploit3 'ABBS Audio Media Player .LST Buffer Overflow', 'Description' = %q This module exploits a buffer overflow in ABBS Audio Media Player. The vulnerability occurs when adding an .lst, allowing arbitrary code...

InstantCMS 1.6 Remote PHP Code Execution Vulnerability

This Metasploit module exploits an arbitrary php command execution vulnerability, because of a dangerous use of eval, in InstantCMS versions 1.6. require 'msf/core' class Metasploit3 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an arbitrary php command...

ABBS Audio Media Player .LST Buffer Overflow

This module exploits a buffer overflow in ABBS Audio Media Player. The vulnerability occurs when adding a specially crafted .lst file, allowing arbitrary code execution with the privileges of the user running the application. This module has been tested successfully on ABBS Audio Media Player 3.1...

Sun Java Web Start Double Quote Injection Vulnerability

This Metasploit module exploits a flaw in the Web Start component of the Sun Java Runtime Environment. Parameters intial-heap-size and max-heap-size in a JNLP file can contain a double quote which is not properly sanitized when creating the command line for javaw.exe. This allows the injection of...

Novell Zenworks Mobile Device Management Admin Credentials

This module attempts to pull the administrator credentials from a vulnerable Novell Zenworks MDM server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Novell Zenworks Mobile Device Management...

SAP SMB Relay Abuse

This module exploits provides several SMB Relay abuse through different SAP services and functions. The attack is done through specially crafted requests including a UNC Path which will be accessing by the SAP system while trying to process the request. In order to get the hashes the...

CouchDB Enum Utility

This module enumerates databases on CouchDB using the REST API without authentication by default. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CouchDB Enum Utility', 'Description' = %q This...

phpMyAdmin - 'preg_replace' (Authenticated) Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'phpMyAdmin Authenticated Remote Code...

phpMyAdmin Authenticated Remote Code Execution via preg_replace()

This module exploits a PREGREPLACEEVAL vulnerability in phpMyAdmin's replaceprefixtbl within libraries/multsubmits.inc.php via dbsettings.php This affects versions 3.5.x 5.4.6 are not vulnerable. This module requires Metasploit: https://metasploit.com/download Current source:...

SAP ConfigServlet OS Command Execution

This module allows execution of operating system commands through the SAP ConfigServlet without any authentication. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP ConfigServlet OS Command...

SAP ConfigServlet OS Command Execution

Exploit for multiple platform in category remote exploits require 'msf/core' class Metasploit3 'SAP ConfigServlet OS command execution', 'Description' = %q This module allows execution of operating system commands through the SAP ConfigServlet without any authentication. , 'Author' = 'Dmitry...

MongoDB nativeHelper.apply Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

HP System Management Homepage Local Privilege Escalation Vulnerability

HP System Management Homepage versions 7.1.2 and below include a setuid root smhstart which is vulnerable to a local buffer overflow in the SSLSHAREBASEDIR env variable. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the...

HP Intelligent Management ReportImgServlt Directory Traversal

This module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the ReportImgServlt, in order to retrieve arbitrary files with SYSTEM privileges. This module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windo...

Linksys E1500/E2500 apply.cgi Remote Command Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Linksys E1500/E2500 apply.cgi Remote...

"Ra1NX" PHP Bot pubcall Authentication Bypass Remote Code Execution

Exploit for php platform in category web applications Exploit Title: "Ra1NX" PHP Bot pubcall Authentication Bypass Remote Code Execution Date: March 24, 2013 Exploit Author: bwall Software Link: https://defense.ballastsecurity.net/decoding/index.php?hash=69401ac90262f3855c23cd143d7d2ae0 Version:...