Quantum vmPRO Backdoor Command
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'net/ssh' class Metasploit3 "Quantum vmPRO Backdoor Command", 'Description' = %q This module abuses a backdoor command in vmPRO 3.1.2. Any user,...
Quantum vmPRO Backdoor Command
This module abuses a backdoor command in Quantum vmPRO. Any user, even one without admin privileges, can get access to the restricted SSH shell. By using the hidden backdoor "shell-escape" command it's possible to drop to a real root bash shell. This module has been tested successfully on Quantum...
HP Data Protector - Backup Client Service Remote Code Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Data Protector Backup Client Service Remote Code Execution', 'Description' = %q This module abuses the Backup Client Service...
Huawei E355 contains a direct request vulnerability
Overview Huawei E355 USB WiFi adapter with firmware version: 21.157.37.01.910 has been reported to contain a direct request vulnerability in the web interface. CWE-425 Description Huawei E355 USB WiFi adapter with firmware version: 21.157.37.01.910 has been reported to contain a direct request...
ALLPlayer 2.8.1 - (.m3u file) Buffer Overflow (SEH)
This Metasploit module exploits a stack-based buffer overflow vulnerability in ALLPlayer 2.8.1, caused by a long string in a playlist entry. By persuading the victim to open a specially-crafted .M3U file, a remote attacker could execute arbitrary code on the system or cause the application to...
ALLPlayer M3U Buffer Overflow
This module exploits a stack-based buffer overflow vulnerability in ALLPlayer 5.8.1, caused by a long string in a playlist entry. By persuading the victim to open a specially-crafted .M3U file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This...
Total Video Player 1.3.1 (Settings.ini) - SEH Buffer Overflow
This Metasploit module exploits a buffer overflow in Total Video Player 1.3.1. The vulnerability occurs when opening a malformed Settings.ini file, e.g. "C:\Program Files\Total Video Player". This Metasploit module has been tested successfully over Windows WinXp-Sp3-EN, Windows 7, Windows 8. This module...
GE Proficy CIMPLICITY gefebt.exe Remote Code Execution
This Metasploit module abuses the gefebt.exe component in GE Proficy CIMPLICITY, reachable through the CIMPLICITY CimWebServer. The vulnerable component allows execution of remote BCL files in shared resources. An attacker can abuse this behaviour to execute a malicious BCL and drop an arbitrary EXE...
Reflective DLL Injection, Reverse Hop HTTP/HTTPS Stager
Inject a DLL via a reflective loader. Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload data/hop/hop.php to the PHP server you wish to use as a hop. This module requires Metasploit: https://metasploit.com/download Current source:...
VNC Server (Reflective Injection), Reverse Hop HTTP/HTTPS Stager
Inject a VNC DLL via a reflective loader (staged). Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload data/hop/hop.php to the PHP server you wish to use as a hop. This module requires Metasploit: https://metasploit.com/download Current source:...
Pandora FMS Remote Code Execution Exploit
This Metasploit module exploits a vulnerability found in Pandora FMS 5.0RC1 and lower. It will leverage an unauthenticated command injection in the Anyterm service on port 8023. Commands are executed as the user "pandora". In Pandora FMS 4.1 and 5.0RC1 the user "artica" is not assigned a password...
Apache Struts - Developer Mode OGNL Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts Developer Mode OGNL Execution', 'Description' = %q This module exploits a remote command execution vulnerability in...
Skybluecanvas CMS - Remote Code Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'SkyBlueCanvas CMS Remote Code Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in...
Apache Struts Developer Mode OGNL Execution Exploit
This Metasploit module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor allows evaluation and execution of OGNL expressions, which allows remote attackers to execute arbitrary Java...
SkyBlueCanvas CMS Remote Code Execution
This module exploits an arbitrary command execution vulnerability in SkyBlueCanvas CMS version 1.1 r248-03 and below. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SkyBlueCanvas CMS Remote Co...
HP Data Protector Backup Client Service Directory Traversal
This Metasploit module exploits a directory traversal vulnerability in the Hewlett-Packard Data Protector product. The vulnerability exists at the Backup Client Service OmniInet.exe when parsing packets with opcode 42. This Metasploit module has been tested successfully on HP Data Protector 6.20 ...
IBM Lotus Sametime WebPlayer DoS
This module exploits a known flaw in the IBM Lotus Sametime WebPlayer version 8.5.2.1392 and prior to cause a denial of service condition against specific users. For this module to function the target user must be actively logged into the IBM Lotus Sametime server and have the Sametime Audio Visu...
SerComm Network Device Backdoor Detection
This module can identify SerComm manufactured network devices which contain a backdoor, allowing command injection or account disclosure. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SerComm...
IBM Lotus Notes Sametime User Enumeration
This module extracts usernames through the IBM Lotus Notes Sametime web interface using either a dictionary attack (which is preferred) or a bruteforce attack trying all usernames of MAXDEPTH length or less. This module requires Metasploit: https://metasploit.com/download Current source:...
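Synology DiskStation Manager Remote Command Execution Vulnerability
CVE ID: CVE-2013-6955 Synology DiskStation Manager is the first NAS operating system to provide a web-based multitasking user interface. The vulnerability is located in /webman/imageSelector.cgi and allows an attacker to execute arbitrary commands with root privileges. Synology DiskStation Manager 4.x The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's homepage for the latest version: http://www.synology.com This module requires Metasploit: http//metasploit.com/downlo...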