1194 matches found
Microsoft Windows LNK File Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LNK Code Execution Vulnerability', 'Description' = %q This module exploits a vulnerability in the handling of Windows Shortcut files .LNK that...
Gopher gophermap Scanner
This module identifies Gopher servers, and processes the gophermap file which lists all the files on the server. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gopher gophermap Scanner',...
OrientDB 2.2.x Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OrientDB 2.2.x Remote Code Execution', 'Description' = %q This module leverages a privilege escalation on OrientDB to execute unsandboxed OS...
Sonicwall < 8.1.0.6-21sv - gencsr.cgi Command Injection Exploit
Exploit for cgi platform in category web applications Exploit Title: Sonicwall gencsr CGI Remote Command Injection Vulnerablity Date: 12/24/2016 Exploit Author: xort @ Critical Start Vendor Homepage: www.sonicwall.com Software Link: sonicwall.com/products/sra-virtual-appliance Version: 8.1.0.6-21...
Sonicwall 8.1.0.6-21sv - gencsr.cgi Command Injection (Metasploit)
Sonicwall 8.1.0.6-21sv - gencsr.cgi Command Injection Metasploit Exploit Title: Sonicwall gencsr CGI Remote Command Injection Vulnerablity Date: 12/24/2016 Exploit Author: xort @ Critical Start Vendor Homepage: www.sonicwall.com Software Link: sonicwall.com/products/sra-virtual-appliance Version:...
Sonicwall importlogo/sitecustomization Remote Command Injection
Exploit Title: Sonicwall importlogo/sitecustomization CGI Remote Command Injection Vulnerablity Date: 12/25/2016 Exploit Author: xort @ Critical Start Vendor Homepage: www.sonicwall.com Software Link: sonicwall.com/products/sra-virtual-appliance Version: 8.1.0.2-14sv Tested on: 8.1.0.2-14sv CVE :...
Sophos Web Appliance 4.3.0.2 Remote Command Injection
Exploit Title: Sophos Web Appliance reporting JSON trafficType Remote Command Injection Vulnerablity Date: 01/28/2017 Exploit Author: xort @ Critical Start Vendor Homepage: www.sophos.com Software Link: sophos.com/en-us/products/secure-web-gateway.aspx Version: 4.3.0.2 Tested on: 4.3.0.2 CVE :...
Sophos Web Appliance 4.3.0.2 - trafficType Remote Command Injection Exploit
Exploit for hardware platform in category web applications Exploit Title: Sophos Web Appliance reporting JSON trafficType Remote Command Injection Vulnerablity Date: 01/28/2017 Exploit Author: xort @ Critical Start Vendor Homepage: www.sophos.com Software Link:...
Identify Cisco Smart Install endpoints
This module attempts to connect to the specified Cisco Smart Install port and determines if it speaks the Smart Install Protocol. Exposure of SMI to untrusted networks can allow complete compromise of the switch. This module requires Metasploit: https://metasploit.com/download Current source:...
MantisBT password reset
MantisBT before 1.3.10, 2.2.4, and 2.3.1 are vulnerable to unauthenticated password reset. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MantisBT password reset', 'Description' = %q MantisBT...
Netgear DGN2200 - dnslookup.cgi Command Injection Exploit
Exploit for cgi platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/http' require "base64" class MetasploitModule "Netgear DGN2200 dnslookup.cgi Command Injection",...
Riverbed SteelHead VCX File Read
This module exploits an authenticated arbitrary file read in the log module's filter engine. SteelHead VCX VCX255U version 9.6.0a was confirmed as vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
EternalBlue: Metasploit Module for MS17-010
This week's release of Metasploit includes a scanner and exploit module for the EternalBlue vulnerability, which made headlines a couple of weeks ago when hacking group, the Shadow Brokers, disclosed a trove of alleged NSA exploits. Included among them, EternalBlue, exploits MS17-010, a Windows S...
Dup Scout Enterprise 9.5.14 Buffer Overflow Exploit
This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of Dup Scout Enterprise v9.5.14, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on...
Dup Scout Enterprise 9.5.14 - GET Buffer Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Dup Scout Enterprise GET Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability ...
Crypttech CryptoLog - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Crypttech CryptoLog Remote Code Execution", 'Description' = %q This module exploits the sql injection and command injection vulnerability of...
Heap Overflow Vulnerability in Citrix NetScaler Gateway (CVE-2017-7219)
After presenting my findings on the Swisscom router at the CybSecConference last year, I started looking for a new product to analyze. I quickly found that it’s possible to download virtual “demo” appliances of Citrix products, so I went on to download a Netscaler VPX, which at the time was at...
WordPress Traversal Directory DoS
Cross-site request forgery CSRF vulnerability in the wpajaxupdateplugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the checkajaxreferer...
WePresent WiPG-1000 - Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'WePresent WiPG-1000 Command Injection', 'Description' = %q This module exploits a command injection vulnerability in an...
WePresent WiPG-1000 Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version 2.0.0.7 was confirmed vulnerable, 2.2.3.0 patched this vulnerability. This module requires Metasploit: http://metasploit.com/download Curre...