1194 matches found
Reliable Datagram Sockets (RDS) rds_atomic_free_op Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Reliable Datagram Sockets RDS rdsatomicfreeop NULL pointer dereference Privilege Escalation', 'Description' = %q This module attempts to gain roo...
DLINK DWL-2600 Authenticated Remote Command Injection
Some DLINK Access Points are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DLIN...
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Reliable Datagram Sockets RDS rdspagecopyuser Privilege Escalation', 'Description' = %q This module exploits a vulnerability in the rdspagecopyus...
OpenNetAdmin 18.1.1 - Command Injection Exploit #RCE
Exploit for php platform in category web applications class MetasploitModule 'OpenNetAdmin Ping Command Injection', 'Description' = %q This module exploits a command injection in OpenNetAdmin between 8.5.14 and 18.1.1. , 'Author' = 'mattpascoe', Vulnerability discovery 'Onur ER ' Metasploit modul...
OpenNetAdmin 18.1.1 - Command Injection Exploit (Metasploit)
OpenNetAdmin 18.1.1 - Command Injection Exploit Metasploit class MetasploitModule 'OpenNetAdmin Ping Command Injection', 'Description' = %q This module exploits a command injection in OpenNetAdmin between 8.5.14 and 18.1.1. , 'Author' = 'mattpascoe', Vulnerability discovery 'Onur ER ' Metasploit...
CVE-2019-25066
creationtimestamp| type| source ---|---|--- 2019-12-01 16:21:16+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/ajentiauthusernamecmdinjection.rb 2022-06-09 20:33:27+00:00| seen| https://t.me/cibsecurity/44116 2025-10-23 21:12:58+00:00| seen|...
Bludit - Directory Traversal Image File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Bludit Directory Traversal Image File Upload Vulnerability", 'Description' = %q This module exploits a vulnerability in Bludit. A remote user cou...
Xorg X11 Server Local Privilege Escalation Exploit
This Metasploit module has been tested with AIX 7.1 and 7.2, and should also work with 6.1. Due to permission restrictions of the crontab in AIX, this module does not use cron, and instead overwrites /etc/passwd in order to create a new user with root privileges. All currently logged in users nee...
Carel pCOWeb HVAC Modbus Interface Authentication Bypass
Advisory: Unauthenticated Access to Modbus Interface in Carel pCOWeb HVAC As part of it's features, the Carel pCOWeb card exposes a Modbus interface to the network. By design, Modbus does not provide authentication, allowing to control the affected system. Details ======= Product: HVAC units usin...
Xorg X11 Server SUID modulepath Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and ru...
ASX to MP3 converter 3.1.3.7 - (.asx) Local Stack Overflow (DEP Bypass) Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "ASX to MP3 converter 3.1.3.7 - '.asx' Local Stack Overflow DEP", 'Description' = %q This module exploits a stack buffer overfl...
Exploit for Improper Input Validation in Microsoft
PoC exploit for CVE-2019-0604, a SharePoint RCE vulnerability. T...
LibreNMS - Collectd Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreNMS Collectd Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the Collectd graphing...
October CMS Upload Protection Bypass Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'October CMS Upload Protection Bypass Code Execution', 'Description' = %q This module exploits an Authenticated user with permission to upload and...
Microsoft Windows 10 UAC Protection Bypass Via Windows Store
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 10 UAC Protection Bypass Via Windows Store WSReset.exe', 'Description' = %q This module exploits a flaw in the WSReset.exe Windows Store...
LibreNMS Collectd Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreNMS Collectd Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the Collectd graphing...
Windows 10 UAC Protection Bypass Via Windows Store (WSReset.exe) And Registry Exploit
This Metasploit module exploits a flaw in the WSReset.exe file associated with the Windows Store. This binary has autoelevate privs, and it will run a binary file contained in a low-privilege registry location. By placing a link to the binary in the registry location, WSReset.exe will launch the...
Windows 10 UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry
This module exploits a flaw in the WSReset.exe file associated with the Windows Store. This binary has autoelevate privs, and it will run a binary file contained in a low-privilege registry location. By placing a link to the binary in the registry location, WSReset.exe will launch the binary as a...
Ubiquiti airOS Arbitrary File Upload
This module exploits a pre-auth file upload to install a new root user to /etc/passwd and an SSH key to /etc/dropbear/authorizedkeys. FYI, /etc/passwd,dropbear/authorizedkeys will be overwritten. /etc/persistent/rc.poststart will be overwritten if PERSISTETC is true. This method is used by the "m...
ManageEngine Application Manager 14.2 Privilege Escalation / Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Application Manager v14.2 - Privilege Escalation / Remote Command Execution", 'Description' = %q This module exploits sqli and comman...