Microsoft Windows Unquoted Service Path Privilege Escalation Exploit

This Metasploit module exploits a logic flaw due to how the lpApplicationName parameter is handled. When the lpApplicationName contains a space, the file name is ambiguous. Take this file path as example: C:\program files\hello.exe; The Windows API will try to interpret this as two possible paths...

CVE-2020-11491

creationtimestamp| type| source ---|---|--- 2020-04-16 16:13:04+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/zenloadbalancertraversal.rb 2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution', 'Description' = %q This module exploits a command injection...

Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Vesta Control Panel Authenticated Remote Code Execution", 'Description' = %q This module exploits command injection vulnerability in...

DotNetNuke Cookie Deserialization Remote Code Execution Exploit

This Metasploit module exploits a deserialization vulnerability in DotNetNuke DNN versions 5.0.0 through 9.3.0-RC. Vulnerable versions store profile information for users in the DNNPersonalization cookie as XML. The expected structure includes a "type" attribute to instruct the server which type ...

CVE-2018-11218

creationtimestamp| type| source ---|---|--- 2020-03-29 01:12:02+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/redis/redisreplicationcmdexec.rb 2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

Redis Replication Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Redis Replication Code Execution', 'Description' = %q This module can be used to leverage the extension functionality added since Redis 4.0.0 to...

DLINK DWL-2600 Authenticated Remote Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DLINK DWL-2600 Authenticated Remote Command Injection', 'Description' = %q Some DLINK Access Points are vulnerable to an authenticated OS command...

D-Link DWL-2600 Authenticated Remote Command Injection Exploit

This Metasploit module exploits some DLINK Access Points that are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin. This module requires Metasploit: https://metasploit.com/download Current source:...

Exploit for Classic Buffer Overflow in Microsoft

PoC exploit for CVE-2017-7269, a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2. The exploit is implemented as a Metasploit module, which allows for remote code execution via a...

PHPStudy - Backdoor Remote Code execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "PHPStudy Backdoor Remote Code execution", 'Description' = %q This module can detect and exploit the backdoor of PHPStudy. , 'License' = MSFLICENS...

Nagios XI - Authenticated Remote Command Execution Exploit

This Metasploit module exploits a vulnerability in Nagios XI versions before 5.6.6 in order to execute arbitrary commands as root. The module uploads a malicious plugin to the Nagios XI server and then executes this plugin by issuing an HTTP GET request to download a system profile from the serve...

PHP-FPM 7.x Remote Code Execution Exploit

This Metasploit module exploits an underflow vulnerability in PHP-FPM versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 of PHP-FPM on Nginx. Only servers with certain Nginx + PHP-FPM configurations are exploitable. This is a port of the original neex's exploit code see refs...

Google Chrome 67 / 68 / 69 Object.create Type Confusion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome 67, 68 and 69 Object.create exploit', 'Description' = %q This modules exploits a type confusion in Google Chromes JIT compiler. The...

Google Chrome 72 / 73 Array.map Corruption

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome 72 and 73 Array.map exploit', 'Description' = %q This module exploits an issue in Chrome 73.0.3683.86 64 bit. The exploit corrupts...

CVE-2019-25065

creationtimestamp| type| source ---|---|--- 2020-02-21 14:58:53+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/opennetadminpingcmdinjection.rb 2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

CVE-2020-8010 Nimbus protocol allows unauth read/write/execute

CA Unified Infrastructure Management Nimsoft/UIM 9.20 and below contains an improper ACL handling vulnerability in the robot controller component. A remote attacker can execute commands, read from, or write to the target system. Recent assessments: busterb at August 04, 2020 5:44pm UTC reported:...

D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link Devices Unauthenticated Remote Command Execution in ssdpcgi', 'Description' = %q D-Link Devices Unauthenticated Remote Command Execution i...

Wago PFC200 - Authenticated Remote Code Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: Wago PFC200 - Authenticated Remote Code Execution Metasploit Exploit Author: Nico Jansen 0x483d Vendor Homepage: https://www.wago.com/ Version: 'Wago PFC200 authenticated remote code execution', 'Description' = %q The Wago...

XXEinjector

This is an exploit module/toolkit targeting XXE XML eXternal Entity vulnerabilities. The primary CVE ID is not explicitly stated, but the tool is designed to automate exploitation of XXE vulnerabilities using direct and out-of-band methods. The target product/service is likely web applications,...