Record Oracle Patch Update Addresses ShadowBrokers, Struts 2 Vulnerabilities

Oracle released its biggest Critical Patch Update ever on Tuesday, and with it came added urgency in the form of patches for the Solaris vulnerabilities exposed by the ShadowBrokers last week, as well as the recent Apache Struts 2 vulnerability, also under public attack. In all, Oracle admins hav...

Huawei HG532n Command Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'base64' class MetasploitModule 'Huawei HG532n Command Injection', 'Description' = %q This module exploits a command injection vulnerability in...

Alienvault OSSIM/USM 5.3.4/5.3.5 - Remote Command Execution Exploit

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'AlienVault USM/OSSIM API Command Execution', 'Description' = %q This modu...

PCMAN FTP Server 2.0.7 MKD Buffer Overflow Exploit

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'PCMAN FTP Server Buffer Overflow - MKD Command', 'Description' = %q Th...

BlueCoat CAS 1.3.7.1 Privilege Escalation

Exploit Title: OS Command Injection Vulnerability in BlueCoat ASG and CAS Date: April 3, 2017 Exploit Authors: Chris Hebert, Peter Paccione and Corey Boyd Contact: chrisdhebertatgmail.com Vendor Security Advisory: https://bto.bluecoat.com/security-advisory/sa138 Version: CAS 1.3 prior to 1.3.7.4 ...

Exploit for Classic Buffer Overflow in Microsoft

fixed msf module for cve-2017-7269 fix not work when length...

Nuxeo Platform 6.x / 7.x Shell Upload Exploit

Exploit for php platform in category web applications Description Nuxeo Platform is a content management system for enterprises CMS. It embeds an Apache Tomcat server, and can be managed through a web interface. One of its features allows authenticated users to import files to the platform. By...

Lenovo System Update - Privilege Escalation Exploit

Exploit for windows platform in category local exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lenovo System Update Privilege Escalation', 'Description' = %q The named pipe,...

Netgear DGN2200 dnslookup.cgi Command Injection

This module exploits a command injection vulnerablity in NETGEAR DGN2200v1/v2/v3/v4 routers by sending a specially crafted post request with valid login details. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require...

AlienVault OSSIM/USM Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q This module exploits object injection, authentication bypass an...

AlienVault OSSIM/USM Remote Code Execution Exploit

This Metasploit module exploits object injection, authentication bypass and ip spoofing vulnerabilities all together. Unauthenticated users can execute arbitrary commands under the context of the root user. By abusing authentication bypass issue on gauge.php lead adversaries to exploit object...

Sophos Web Appliance 4.2.1.3 Remote Command Execution Exploit

Exploit for linux platform in category remote exploits Exploit Title: Sophos Web Appliance diagnostictools wget Remote Command Injection Vulnerablity Date: 12/12/2016 Exploit Author: xort @ Critical Start Vendor Homepage: www.sophos.com Software Link:...

Sophos Web Appliance 4.2.1.3 Remote Command Execution

Exploit Title: Sophos Web Appliance diagnostictools wget Remote Command Injection Vulnerablity Date: 12/12/2016 Exploit Author: xort @ Critical Start Vendor Homepage: www.sophos.com Software Link: sophos.com/en-us/products/secure-web-gateway.aspx Version: 4.2.1.3 Tested on: 4.2.1.3 CVE :...

Geutebrueck GCore - GCoreServer.exe Buffer Overflow RCE

This module exploits a stack Buffer Overflow in the GCore server GCoreServer.exe. The vulnerable webserver is running on Port 13003 and Port 13004, does not require authentication and affects all versions from 2003 till July 2016 Version 1.4.YYYYY. This module requires Metasploit:...

HP Smart Storage Administrator 2.30.6.0 Remote Command Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "HP Smart Storage Administrator Remote Command Injection", 'Description' = %q This module exploits a vulnerability found in HP Smart...

HP Smart Storage Administrator 2.30.6.0 - Remote Command Injection Exploit

Exploit for multiple platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "HP Smart Storage Administrator Remote Command Injection", 'Description' = ...

AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q This module exploits object injection, authentication bypass an...

Cisco WebEx Chrome Extension RCE (CVE-2017-3823)

This module exploits a vulnerability present in the Cisco WebEx Chrome Extension version 1.0.1 which allows an attacker to execute arbitrary commands on a system. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

Advantech WebAccess 8.1 Post Authentication Credential Collector

This module allows you to log into Advantech WebAccess 8.1, and collect all of the credentials. Although authentication is required, any level of user permission can exploit this vulnerability. Note that 8.2 is not suitable for this. This module requires Metasploit: https://metasploit.com/downloa...

Mozilla Firefox nsSMILTimeContainer::NotifyTimeChange() Remote Code Execution Exploit

This Metasploit module exploits an out-of-bounds indexing/use-after-free condition present in nsSMILTimeContainer::NotifyTimeChange across numerous versions of Mozilla Firefox on Microsoft Windows. This module requires Metasploit: http://metasploit.com/download Current source:...