ManageEngine Application Manager 14.2 - Privilege Escalation Remote Command Execution (Metasploit)

ManageEngine Application Manager 14.2 - Privilege Escalation Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Application Manager v14.2 - Privileg...

ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution Exploit

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Application Manager v14.2 - Privilege Escalation / Remote Command Execution", 'Description' = %q This module exploits sqli and comman...

Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload Remote Code Execution (Metasploit)

Ahsay Backup 7.x - 8.1.1.50 - Authenticated Arbitrary File Upload Remote Code Execution Metasploit Exploit Title: Authenticated insecure file upload and code execution flaw in Ahsay Backup v7.x - v8.1.1.50. Metasploit Date: 26-6-2019 Exploit Author: Wietse Boonstra Vendor Homepage:...

Microsoft Windows NtUserSetWindowFNID Win32k User Callback

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows NtUserSetWindowFNID Win32k User Callback', 'Description' = %q An elevation of privilege vulnerability exists in Windows when the Win32k...

Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service (Metasploit)

Exploit Title: Bluekeep Denial of Service metasploit module Shodan Dork: port:3389 Date: 07/14/2019 Exploit Author: RAMELLA Sebastien https://github.com/mekhalleh/ Vendor Homepage: https://microsoft.com Version: all affected RDP services by cve-2019-0708 Tested on: Windows XP 32-bits / Windows 7...

Microsoft Windows RDP BlueKeep Denial Of Service

Exploit Title: Bluekeep Denial of Service metasploit module Shodan Dork: port:3389 Date: 07/14/2019 Exploit Author: RAMELLA Sebastien https://github.com/mekhalleh/ Vendor Homepage: https://microsoft.com Version: all affected RDP services by cve-2019-0708 Tested on: Windows XP 32-bits / Windows 7...

Xymon useradm Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xymon useradm Command Execution', 'Description' = %q This module exploits a command injection vulnerability in Xymon versions before 4.3.25 which...

Nagios XI Magpie_debug.php Root Remote Code Execution Exploit

This Metasploit module exploits two vulnerabilities in Nagios XI 5.5.6. One allows for unauthenticated remote code execution and another allows for local privilege escalation. When combined, these two vulnerabilities give us a root reverse shell. This module requires Metasploit:...

Cisco Prime Infrastructure Runrshell Privilege Escalation Exploit

Exploit for hardware platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Prime Infrastructure Runrshell Privilege Escalation', 'Description' = %q This...

Working BlueKeep Exploit Developed by DHS

The Department of Homeland Security has confirmed it has developed a working exploit for the “wormable” BlueKeep vulnerability. The agency issued an alert on Monday urging Windows users to update their machines as soon as possible. The alert heightens concerns that malicious actors could soon als...

Cisco Prime Infrastructure Runrshell Privilege Escalation

This modules exploits a vulnerability in Cisco Prime Infrastructure's runrshell binary. The runrshell binary is meant to execute a shell script as root, but can be abused to inject extra commands in the argument, allowing you to execute anything as root. This module requires Metasploit:...

LibreNMS addhost Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreNMS addhost Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the open source network...

Yum Package Manager Persistence Exploit

This Metasploit module will run a payload when the package manager is used. No handler is run automatically so you must configure an appropriate exploit/multi/handler to connect. Module modifies a yum plugin to launch a binary of choice. grep -F 'enabled=1' /etc/yum/pluginconf.d/ will show what...

ManageEngine Applications Manager 11.0 < 14.0 - SQL Injection / Remote Code Execution Exploit

This Metasploit module exploits SQL injection and command injection vulnerabilities in ManageEngine AM 14 and prior versions. An unauthenticated user can gain the authority of "system" on the server due to the SQL injection vulnerability. The exploit allows the writing of the desired file to the...

WordPress 5.0.0 crop-image Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Crop-image Shell Upload', 'Description' = %q This module exploits a path traversal and a local file inclusion vulnerability on WordPres...

IBM BigFix Relay Server Sites and Package Enum

This module retrieves masthead, site, and available package information from IBM BigFix Relay Servers. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM BigFix Relay Server Sites and Package...

CVE-2018-16660

creationtimestamp| type| source ---|---|--- 2019-03-06 04:00:36+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/impervasecuresphereexec.rb 2025-10-23 21:12:58+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

Usermin 1.750 - Remote Command Execution Exploit

Exploit for linux platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Usermin 1.750 - Remote Command Execution', 'Description' ...

NUUO NVRmini upgrade_handle.php Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NUUO NVRmini upgradehandle.php Remote Command Execution', 'Description' = %q This exploits a vulnerability in the web application of NUUO NVRmini...

JVC/Siemens/Vanderbilt IP-Camera Readfile Password Disclosure

SIEMENS IP-Camera CVMS2025-IR + CCMS2025, JVC IP-Camera VN-T216VPRU, and Vanderbilt IP-Camera CCPW3025-IR + CVMW3025-IR allow an unauthenticated user to disclose the username & password by requesting the javascript page 'readfile.cgi?query=ADMINID'. Siemens firmwares affected: x.2.2.1798,...