HP Intelligent Management Center BIms UploadServlet - Directory Traversal (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 /Apache-Coyote/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initializeinfo = superupdateinfoinfo,...

HP Data Protector Cell Request Service Buffer Overflow

This Metasploit module exploits a stack-based buffer overflow in the Hewlett-Packard Data Protector product. The vulnerability, due to the insecure usage of swprintf, exists at the Cell Request Service crs.exe when parsing packets with opcode 211. This Metasploit module has been tested successful...

HP Data Protector Cell Request Service Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'HP Data Protector Cell Request Servic...

Zabbix 2.0.8 SQL Injection and Remote Code Execution

This module exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an active session ID. If an administrator level user is identified, remote code execution can be gained by uploading and...

ClipBucket Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "ClipBucket Remote...

SIEMENS Solid Edge ST4 SEListCtrlX ActiveX Remote Code Execution Vulnerability

This Metasploit module exploits the SEListCtrlX ActiveX installed with the SIEMENS Solid Edge product. The vulnerability exists on several APIs provided by the control, where user supplied input is handled as a memory pointer without proper validation, allowing an attacker to read and corrupt...

Raidsonic NAS Devices - Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Raidsonic NAS Devices Unauthenticated...

MS13-069 Microsoft Internet Explorer CCaret Use-After-Free

This Metasploit module exploits a use-after-free vulnerability found in Internet Explorer, specifically in how the browser handles the caret text cursor object. In IE's standards mode, the caret handling's vulnerable state can be triggered by first setting up an editable page with an input field,...

PCMAN FTP Server Post-Authentication STOR Command Stack Buffer Overflow

This module exploits a buffer overflow vulnerability found in the STOR command of the PCMAN FTP v2.07 Server when the "/../" parameters are also sent to the server. Please note authentication is required in order to trigger the vulnerability. The overflowing string will also be seen on the FTP...

Western Digital Arkeia Remote Code Execution Vulnerability

This Metasploit module exploits a vulnerability found in Western Digital Arkeia Appliance version 10.0.10 and lower. By abusing the upload.php file from the scripts directory, a malicious user can upload arbitrary code to the ApplianceUpdate file in the temp directory without any authentication...

PCMAN FTP 2.07 STOR Command - Stack Overflow Exploit (MSF)

Exploit for windows platform in category remote exploits require 'msf/core' class Metasploit3 'PCMAN FTP Server STOR Command Stack Overflow', 'Description' = %q This module exploits a buffer overflow vulnerability found in the STOR command of the PCMAN FTP v2.07 Server when the "/../" parameters...

Sophos Web Protection Appliance sblistpack Arbitrary Command Execution

This Metasploit module exploits a command injection vulnerability on Sophos Web Protection Appliance 3.7.9, 3.8.0 and 3.8.1. The vulnerability exists on the sblistpack component, reachable from the web interface without authentication. This Metasploit module has been tested successfully on Sophos...

A-PDF WAV to MP3 v1.0.0 Buffer Overflow

This module exploits a buffer overflow in A-PDF WAV to MP3 v1.0.0. When the application is used to import a specially crafted m3u file, a buffer overflow occurs allowing arbitrary code execution. This module requires Metasploit: https://metasploit.com/download Current source:...

Agnitum Outpost Internet Security Local Privilege Escalation

This module exploits a directory traversal vulnerability on Agnitum Outpost Internet Security 8.1. The vulnerability exists in the acs.exe component, allowing the user to load arbitrary DLLs through the acsipcserver named pipe, and finally execute arbitrary code with SYSTEM privileges. This modul...

Mac OS X Sudo Password Bypass Vulnerability

This Metasploit module gains a session with root permissions on versions of OS X with sudo binary vulnerable to CVE-2013-1775. Tested working on Mac OS 10.7-10.8.4, and possibly lower versions. If your session belongs to a user with Administrative Privileges the user is in the sudoers file and is...

Oracle Endeca Server Remote Command Execution

This module exploits a command injection vulnerability on the Oracle Endeca Server 7.4.0. The vulnerability exists on the createDataStore method from the controlSoapBinding web service. The vulnerable method only exists on the 7.4.0 branch and isn't available on the 7.5.5.1 branch. In addition, t...

Cogent DataHub HTTP Server Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Cogent DataHub HTTP Server Buffer...

Chasys Draw IES Buffer Overflow Vulnerability

This Metasploit module exploits a buffer overflow vulnerability found in Chasys Draw IES version 4.10.01. The vulnerability exists in the module fltBMP.dll, while parsing BMP files, where the ReadFile function is used to store user provided data on the stack in a insecure way. It results in...

Joomla Media Manager File Upload Vulnerability

This Metasploit module exploits a vulnerability found in Joomla 2.5.x up to 2.5.13, as well as 3.x up to 3.1.4 versions. The vulnerability exists in the Media Manager component, which comes by default in Joomla, allowing arbitrary file uploads, and results in arbitrary code execution. The module...

Raidsonic NAS Devices Unauthenticated Remote Command Execution

Different Raidsonic NAS devices are vulnerable to OS command injection via the web interface. The vulnerability exists in timeHandler.cgi, which is accessible without authentication. This module has been tested with the versions IB-NAS5220 and IB-NAS4220. Since this module is adding a new user an...