1194 matches found
Wolf CMS Metasploit Module Arbitrary File Upload Vulnerability
Wolf CMS is a content management system CMS.Metasploit is one of the security vulnerability detection tool components. An arbitrary file upload vulnerability exists in the Metasploit module of Wolf CMS version 0.8.2. An attacker can use this vulnerability to upload arbitrary files to the /public...
Wolf CMS Metasploit module arbitrary file upload vulnerability (CNVD-2016-04300)
Wolf CMS is a content management system CMS.Metasploit is one of the security vulnerability detection tool components. An arbitrary file upload vulnerability exists in the Metasploit module of Wolf CMS version 0.8.2. An attacker can use this vulnerability to upload arbitrary files to the /public...
SSH Key Persistence
This module will add an SSH key to a specified user or all, to allow remote login via SSH at any time. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sshkey' class MetasploitModule 'SSH Key Persistence',...
Tomabo M3U SEH Based Stack Buffer Overflow
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Tomabo M3U SEH Based Stack Buffer Overflow', 'Description' = %q This module exploits a stack over flow in Tomabo MP4 Player...
Ubiquiti airOS - Arbitrary File Upload (Metasploit)
Exploit for unix platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ubiquiti airOS Arbitrary File Upload', 'Description' = %q This module exploits a pre-auth fi...
Oracle ATS Arbitrary File Upload
This module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite OATS, version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell. This module requires Metasploit: https://metasploit.com/download Current source:...
Advantech Webaccess Dashboard Viewer - Arbitrary File Upload (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Advantech WebAccess Dashboard Viewer Arbitrary File Upload", 'Description' = %q This module exploits an arbitrary file upload...
Exim - 'perl_startup' Privilege Escalation (Metasploit)
Exploit for linux platform in category local exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Exim "perlstartup" Privilege Escalation', 'Description' = %q This module exploits a Perl...
Exim "perl_startup" Privilege Escalation
This module exploits a Perl injection vulnerability in Exim 'Exim "perlstartup" Privilege Escalation', 'Description' = %q This module exploits a Perl injection vulnerability in Exim 'Dawid Golunski', Vulnerability discovery 'wvu' Metasploit module , 'References' = %wCVE 2016-1531, %wEDB 39549,...
Novell Service Desk 7.1.0 Code Execution / Information Disclosure
Hi, Novell Service Desk now rebranded as Micro Focus Service Desk 7.1.0 and below has a number of critical vulnerabilities that allow remote code execution, information disclosure, etc, by authenticated users. Check the full advisory below for details. Novell / Micro Focus have documented these...
Novell ServiceDesk Authenticated File Upload
This module exploits an authenticated arbitrary file upload via directory traversal to execute code on the target. It has been tested on versions 6.5 and 7.1.0, in Windows and Linux installations of Novell ServiceDesk, as well as the Virtual Appliance provided by Novell. This module requires...
Apache Jetspeed Arbitrary File Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' = %q This module exploits the unsecured User Manager REST API and a ZIP file path traversal ...
PHP Utility Belt - Remote Code Execution (Metasploit)
Exploit for php platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'PHP Utility Belt Remote Code Execution', 'Description' = %q This module exploit...
Environmental Systems Corporation Data Controllers Vulnerabilities
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-147-01A Environmental Systems Corporation Data Controllers Vulnerabilities that was published June 2, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified data controller...
Microsoft Windows - NetAPI32.dll Code Execution (Python) (MS08-067)
Microsoft Windows - NetAPI32.dll Code Execution Python MS08-067 import struct import time import sys from threading import Thread Thread is imported incase you would like to modify try: from impacket import smb from impacket import uuid from impacket import dcerpc from impacket.dcerpc.v5 import...
http-vuln-cve2014-3704 NSE Script
Exploits CVE-2014-3704 also known as 'Drupageddon' in Drupal. Versions 7.32 of Drupal core are known to be affected. Vulnerability allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. The script injects new Drupal administrator user via login form and the...
Xdh / LinuxNet Perlbot / fBot IRC Bot Remote Code Execution Exploit
This Metasploit module allows remote command execution on an IRC Bot developed by xdh. This perl bot was caught by Conor Patrick with his shellshock honeypot server and is categorized by Markus Zanke as an fBot Fire & Forget - DDoS Bot. Matt Thayer also found this script which has a description o...
China Chopper Caidao PHP Backdoor Code Execution
This module takes advantage of the China Chopper Webshell that is commonly used by Chinese hackers. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'China Chopper Caidao PHP Backdoor Code...
Th3 MMA mma.php Backdoor Arbitrary File Upload
This module exploits Th3 MMA mma.php Backdoor which allows an arbitrary file upload that leads to arbitrary code execution. This backdoor also echoes the Linux kernel version or operating system version because of the phpuname function. This module requires Metasploit:...
Wordpress Ajax Load More PHP Upload Vulnerability
This module exploits an arbitrary file upload in the WordPress Ajax Load More version 2.8.1.1. It allows to upload arbitrary php files and get remote code execution. This module has been tested successfully on WordPress Ajax Load More 2.8.0 with Wordpress 4.1.3 on Ubuntu 12.04/14.04 Server. This...