MS14-009 .NET Deployment Service IE Sandbox Escape

This module abuses a process creation policy in Internet Explorer's sandbox, specifically in the .NET Deployment Service dfsvc.exe, which allows the attacker to escape the Enhanced Protected Mode, and execute code with Medium Integrity. This module requires Metasploit:...

Buffer Overflows Patched in Yokogawa Control System Products

Patches for critical vulnerabilities in production control system software built by Yokogawa Electric Corp. of Japan are available, according to an advisory issued Tuesday by the Industrial Control System Cyber Emergency Response Team ICS-CERT. The advisory warns that there are publicly available...

AlienVault 4.6.1 SQL Injection Vulnerability

AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php using the 'insertinto' parameter. This Metasploit module exploits the lack of input filtering to read an arbitrary file from the file system. Any authenticated user is able to exploit this...

Advantech WebAccess DBVisitor.dll ChartThemeConfig SQL Injection

This module exploits a SQL injection vulnerability found in Advantech WebAccess 7.1. The vulnerability exists in the DBVisitor.dll component, and can be abused through malicious requests to the ChartThemeConfig web service. This module can be used to extract the site and project usernames and...

AlienVault 4.6.1 SQL Injection

Exploit Title: AlienVault newpolicyform.php SQLi Date: 5/9/2014 Exploit Author: chrisdhebertatgmail.com Vendor Homepage: http://www.alienvault.com/ Software Link: http://www.alienvault.com/free-downloads-services Version: 4.6.1 and below Tested on: Linux CVE : n/a Vendor Security Advisory :...

Adobe Flash Player Integer Underflow Remote Code Execution Exploit

This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the...

Struts2 远程命令执行

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module...

Apache Struts ClassLoader Manipulation Remote Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module exploits a remote command execution...

mRemote Offline Password Decrypt

mRemote Offline Password Decrypt Based on Metasploit Module enummremotepwds.rb from David Maloney Autor: Adriano Marcio Monteiro E-mail: [email protected] Blog: adrianomarciomonteiro.blogspot.com.br Usage: ruby mRemoteOffPwdsDecrypt.rb confCons.xml require 'rexml/document' require...

MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free

This Metasploit module exploits an use after free condition on Internet Explorer as used in the wild on the "Operation SnowMan" in February 2014. The module uses Flash Player 12 in order to bypass ASLR and finally DEP. This module requires Metasploit: http//metasploit.com/download Current source:...

WinRAR Filename Spoofing

This module abuses a filename spoofing vulnerability in WinRAR. The vulnerability exists when opening ZIP files. The file names showed in WinRAR when opening a ZIP file come from the central directory, but the file names used to extract and open contents come from the Local File Header. This...

WinRAR Filename Spoofing

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/zip' class Metasploit3 'WinRAR Filename Spoofing', 'Description' = %q This module abuses a filename spoofing vulnerability in WinRAR. The...

JIRA Issues Collector Directory Traversal

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'JIRA Issues Collector Directory Traversal', 'Description' = %q This module exploits a directory traversal flaw in JIRA 6.0.3. The...

ibstat $PATH Privilege Escalation Exploit

Exploit for linux platform in category local exploits This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 "ibstat $PATH Privilege Escalation", "Description" = %q This module exploits the trusted $PATH...

EMC CTA v10.0 Unauthenticated XXE Arbitrary File Read

EMC CTA v10.0 is susceptible to an unauthenticated XXE attack that allows an attacker to read arbitrary files from the file system with the permissions of the root user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

AlienVault 4.5.0 SQL Injection

The following request is vulnerable to a SQL injection attack from authenticated users. GET /ossim/report/BusinessAndComplianceISOPCI/ISO27001Bar1.php?datefrom=2014-02-28&dateto=2014-03-30 HTTP/1.1 Host: 172.31.16.150 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101...

EMC Cloud Tiering Appliance 10.0 - XML External Entity Arbitrary File Read (Metasploit)

EMC Cloud Tiering Appliance 10.0 - XML External Entity Arbitrary File Read Metasploit EMC Cloud Tiering Appliance v10.0 Unauthed XXE The following authentication request is susceptible to an XXE attack: POST /api/login HTTP/1.1 Host: 172.31.16.99 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664;...

HP LaserJet Printer SNMP Enumeration

This module allows enumeration of files previously printed. It provides details as filename, client, timestamp and username information. The default community used is "public". This module requires Metasploit: https://metasploit.com/download Current source:...

Fitnesse Wiki - Remote Command Execution (Metasploit)

Fitnesse Wiki - Remote Command Execution Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Fitnesse Wiki Remote Command Execution', 'Description' = %q This module exploits ...

LifeSize UVC Authenticated Remote Command Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "LifeSize UVC Authenticated RCE via Ping", 'Description' = %q When authenticated as an administrator on LifeSize UVC 1.2.6, an attacke...