1194 matches found
Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory Exploit
This Metasploit module exploits an uninitialized memory vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, which fails to initialize allocated memory. When using a correct memory layout this vulnerability leads to a ByteArray object...
WordPress InBoundio Marketing 2.0 Shell Upload Exploit
This Metasploit module exploits an arbitrary file upload in the WordPress InBoundio Marketing plugin version 2.0. It allows you to upload arbitrary php files and get remote code execution. This Metasploit module has been tested successfully on WordPress InBoundio Marketing 2.0.3 with Wordpress...
Wordpress Plugin Reflex Gallery arbitrary file upload Exploit
This Metasploit module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution. This module requires Metasploit: http://metasploit.com/download Current source:...
WordPress Creative Contact Form Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress Creative Contact Form Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the...
WordPress Work The Flow Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress Work The Flow Upload Vulnerability', 'Description' = %q This module exploits an arbitrary PHP code upload in the WordPress...
Wordpress Reflex Gallery Upload Vulnerability
This module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...
D-Link/TRENDnet NCC Service Command Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'D-Link/TRENDnet NCC Service Command Injection', 'Description' = %q This module exploits a remote command injection vulnerability on...
Lenovo System Update - Local Privilege Escalation (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lenovo System Update Privilege Escalation', 'Description' = %q The named pipe, \SUPipeServer, can be accessed by normal users to interact with the...
RIPS Scanner Directory Traversal
This module exploits a directory traversal vulnerability in the RIPS Scanner v0.54, allowing to read arbitrary files with the web server privileges. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModu...
The Ghost vulnerability the GHOST remote using the EXP-bug warning-the black bar safety net
This article demonstrates one of the Ghost vulnerability the GHOST of EXP, this EXP is Metasploit a module. This Metasploit module can be remote exploit CVE-2 0 1 5-0 2 3 5 out of glibc library gethostbyname function heap overflow vulnerability vulnerability, the goal is to run the Exim mail...
TWiki Debugenableplugins Remote Code Execution Exploit
TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in an Perl eval statement which allows remote code execution. This module requires Metasploit: http://metasploit.com/download...
TWiki Debugenableplugins - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'TWiki Debugenableplugins Remote Code Execution', 'Description' = %q TWiki 4.0.x-6.0.0 contains a vulnerability in the Debug...
TWiki Debugenableplugins Remote Code Execution
TWiki 4.0.x-6.0.0 contains a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in an Perl eval statement which allows remote code execution. This module requires Metasploit: https://metasploit.com/download Current source:...
iPass Mobile Client Service Privilege Escalation
The named pipe, \IPEFSYSPCPIPE, can be accessed by normal users to interact with the iPass service. The service provides a LaunchAppSysMode command which allows to execute arbitrary commands as SYSTEM. This module requires Metasploit: https://metasploit.com/download Current source:...
IPass Control Pipe Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'IPass Control Pipe Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the IPass Client service...
Microsoft Windows Shell LNK Code Execution
This module exploits a vulnerability in the MS10-046 patch to abuse again the handling of Windows Shortcut files .LNK that contain an icon resource pointing to a malicious DLL. This creates an SMB resource to provide the payload and the trigger, and generates a LNK file which must be sent to the...
HP Data Protector 8.10 Remote Command Execution Exploit
Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Data Protector 8.10 Remote Command Execution', 'Description' = %q This...
Nvidia Mental Ray Satellite Service Arbitrary DLL Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Nvidia Mental Ray Satellite Service Arbitrary DLL Injection', 'Description' = %q The Nvidia Mental Ray Satellite Service listens for...
PHPMoAdmin 1.1.2 Remote Code Execution
This module exploits an arbitrary PHP command execution vulnerability due to a dangerous use of eval in PHPMoAdmin. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHPMoAdmin 1.1.2 Remote Code...
Solarwinds Orion Service SQL Injection Vulnerability
Various remote SQL injection vulnerabilities exist in the core Orion service used in most of the Solarwinds products. Affected products include Network Performance Monitor below version 11.5, NetFlow Traffic Analyzer below version 4.1, Network Configuration Manager below version 7.3.2, IP Address...