Dolphin3D 1.52 / 1.60 Command Execution Vulnerability

This Metasploit module exploits the default security setting in the Dolphin3D web browser. The default security setting "cautious" allows arbitrary ActiveX Controls, thus remote command execution. Dolphin3D web browser ActiveX Remote Command Execution Date: Dez 9 2012 Author: Rh0 Affected Version...

FreeFloat FTP Server Arbitrary File Upload

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "FreeFloat FTP...

Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Adobe...

Microsoft Windows Authenticated Logged In Users Enumeration

This module uses a valid administrator username and password to enumerate users currently logged in, using a similar technique than the "psexec" utility provided by SysInternals. It uses reg.exe to query the HKU base registry key. This module requires Metasploit: https://metasploit.com/download...

Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution

This module abuses the "RunScript" procedure provided by the SOAP interface of Adobe InDesign Server, to execute arbitrary vbscript Windows or applescript OSX. The exploit drops the payload on the server and must be removed manually. This module requires Metasploit: https://metasploit.com/downloa...

BlazeVideo HDTV Player Pro 6.6 Filename Handling Vulnerability

This Metasploit module exploits a vulnerability found in BlazeVideo HDTV Player's filename handling routine. When supplying a string of input data embedded in a .plf file, the MediaPlayerCtrl.dll component will try to extract a filename by using PathFindFileNameA, and then copies whatever the...

Oracle Database Client System Analyzer Arbitrary File Upload

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Oracle Containers for J2EE/ include...

SAP Web GUI Login Brute Forcer

This module attempts to brute force SAP username and passwords through the SAP Web GUI service. Default clients can be tested without needing to set a CLIENT. Common and default user/password combinations can be tested just setting the DEFAULTCRED variable to true. The...

SAP SOAP Service RFC_PING Login Brute Forcer

This module attempts to brute force SAP username and passwords through the /sap/bc/soap/rfc SOAP service, using RFCPING function. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, o...

ManageEngine SecurityManager Plus 5.5 Directory Traversal

This module exploits a directory traversal flaw found in ManageEngine SecurityManager Plus 5.5 or less. When handling a file download request, the DownloadServlet class fails to properly check the 'f' parameter, which can be abused to read any file outside the virtual directory. This module...

ManageEngine Security Manager Plus 5.5 Build 5505 SQL Injection

This module exploits a SQL injection found in ManageEngine Security Manager Plus advanced search page, which results in remote code execution under the context of SYSTEM in Windows; or as the user in Linux. Authentication is not required in order to exploit this vulnerability. This module require...

AjaXplorer checkInstall.php Remote Command Execution

This module exploits an arbitrary command execution vulnerability in the AjaXplorer 'checkInstall.php' script. All versions of AjaXplorer prior to 2.6 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

Deeply Flawed Apple-Owned Fingerprint Reader Software a Tough Fix

Now that word is out on a serious password bug in the ubiquitous UPEK Protector Suite fingerprint readers found in most new laptops today, Apple-owned Authentec surely will be able to fix the issue on the double. Not so fast, says one of the researchers looking at the problem. “It’s a system that...

Webmin /file/show.cgi Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Webmin /file/show.cgi Remote Command...

Oracle BTM FlashTunnelService Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Oracle Business Transaction Managemen...

Novell File Reporter Agent Arbitrary File Delete

NFRAgent.exe in Novell File Reporter allows remote attackers to delete arbitrary files via a full pathname in an SRS request with OPERATION set to 4 and CMD set to 5 against /FSF/CMD. This module has been tested successfully on NFR Agent 1.0.4.3 File Reporter 1.0.2 and NFR Agent 1.0.3.22 File...

Apple iOS MobileSafari LibTIFF Buffer Overflow

This module exploits a buffer overflow in the version of libtiff shipped with firmware versions 1.00, 1.01, 1.02, and 1.1.1 of the Apple iPhone. iPhones which have not had the BSD tools installed will need to use a special payload. This module requires Metasploit: https://metasploit.com/download...

HP SiteScope Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Apache-Coyote/ include...

HP SiteScope SOAP Call getSiteScopeConfiguration Configuration Access

This module exploits an authentication bypass vulnerability in HP SiteScope which allows to retrieve the HP SiteScope configuration, including administrative credentials. It is accomplished by calling the getSiteScopeConfiguration operation available through the APISiteScopeImpl AXIS service. The...

Microsoft SQL Server Find and Sample Data

This script will search through all of the non-default databases on the SQL Server for columns that match the keywords defined in the TSQL KEYWORDS option. If column names are found that match the defined keywords and data is present in the associated tables, the script will select a sample of th...