HP System Management Homepage Local Privilege Escalation Vulnerability

HP System Management Homepage versions 7.1.2 and below include a setuid root smhstart which is vulnerable to a local buffer overflow in the SSLSHAREBASEDIR env variable. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the...

HP Intelligent Management ReportImgServlt Directory Traversal

This module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the ReportImgServlt, in order to retrieve arbitrary files with SYSTEM privileges. This module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windo...

Linksys E1500/E2500 apply.cgi Remote Command Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Linksys E1500/E2500 apply.cgi Remote...

Ra1NX PHP Bot Authentication Bypass Remote Code Execution

Exploit Title: "Ra1NX" PHP Bot pubcall Authentication Bypass Remote Code Execution Date: March 24, 2013 Exploit Author: bwall Software Link: https://defense.ballastsecurity.net/decoding/index.php?hash=69401ac90262f3855c23cd143d7d2ae0 Version: v2.0 Tested on: Ubuntu require 'msf/core' class...

"Ra1NX" PHP Bot pubcall Authentication Bypass Remote Code Execution

Exploit for php platform in category web applications Exploit Title: "Ra1NX" PHP Bot pubcall Authentication Bypass Remote Code Execution Date: March 24, 2013 Exploit Author: bwall Software Link: https://defense.ballastsecurity.net/decoding/index.php?hash=69401ac90262f3855c23cd143d7d2ae0 Version:...

D-Link DIR 645 Password Extractor

This module exploits an authentication bypass vulnerability in DIR 645 'D-Link DIR 645 Password Extractor', 'Description' = %q This module exploits an authentication bypass vulnerability in DIR 645 'OSVDB', '90733' , 'BID', '58231' , 'PACKETSTORM', '120591' , 'Author' = 'Roberto Paleari ',...

Nagios Remote Plugin Executor Arbitrary Command Execution

The Nagios Remote Plugin Executor NRPE is installed to allow a central Nagios server to actively poll information from the hosts it monitors. NRPE has a configuration option dontblamenrpe which enables command-line arguments to be provided remote plugins. When this option is enabled, even when NR...

KingView Log File Parsing Buffer Overflow

This module exploits a vulnerability found in KingView "KingView Log File Parsing Buffer Overflow", 'Description' = %q This module exploits a vulnerability found in KingView MSFLICENSE, 'Author' = 'Lucas Apa', Vulnerability discovery 'Carlos Mario Penagos Hollman', Vulnerability discovery...

Firebird Relational Database CNCT Group Number Buffer Overflow

This Metasploit module exploits a vulnerability in Firebird SQL Server. A specially crafted packet can be sent which will overwrite a pointer allowing the attacker to control where data is read from. Shortly, following the controlled read, the pointer is called resulting in code execution. The...

BigAnt Server DUPF Command Arbitrary File Upload Vulnerability

This Metasploit module exploits an arbitrary file upload vulnerability in BigAnt Server 2.97 SP7. A lack of authentication allows to make unauthenticated file uploads through a DUPF command. Additionally the filename option in the same command can be used to launch a directory traversal attack an...

BigAnt Server 2 SCH And DUPF Buffer Overflow

This exploits a stack buffer overflow in BigAnt Server 2.97 SP7. The vulnerability is due to the dangerous usage of strcpy while handling errors. This module uses a combination of SCH and DUPF request to trigger the vulnerability, and has been tested successfully against version 2.97 SP7 over...

Polycom HDX Telnet Authorization Bypass Vulnerability

The Polycom HDX is a series of telecommunication and video devices. The telnet component of Polycom HDX video endpoint devices is vulnerable to an authorization bypass when multiple simultaneous connections are repeatedly made to the service, allowing remote network attackers to gain full access ...

Foxit Reader Plugin URL Processing Buffer Overflow

This module exploits a vulnerability in the Foxit Reader Plugin, it exists in the npFoxitReaderPlugin.dll module. When loading PDF files from remote hosts, overly long query strings within URLs can cause a stack-based buffer overflow, which can be exploited to execute arbitrary code. This exploit...

Novell Groupwise Agents HTTP Directory Traversal

This module exploits a directory traversal vulnerability in Novell Groupwise. The vulnerability exists in the web interface of both the Post Office and the MTA agents. This module has been tested successfully on Novell Groupwise 8.02 HP2 over Windows 2003 SP2. This module requires Metasploit:...

Nagios3 history.cgi Host Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 'Nagios3 history.cgi Hos...

FreeSSHd 1.2.6 Authentication Bypass

require 'msf/core' require 'tempfile' class Metasploit3 "Freesshd Authentication Bypass", 'Description' = %q This module exploits a vulnerability found in FreeSSHd MSFLICENSE, 'Author' = 'Aris', Vulnerability discovery and Exploit 'kcope', 2012 Exploit 'Daniele Martini ' Metasploit module ,...

Exploit Code, Metasploit Module Out for Ruby on Rails Flaws

Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proof-of-concept exploit code for a couple of the flaws and the team at Metasploit have released a module for the penetration testing framework that exploit one of the bugs, as...

Enterasys NetSight nssyslogd.exe Buffer Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Enterasys NetSight nssyslogd.exe Buff...

Enterasys NetSight - 'nssyslogd.exe' Remote Buffer Overflow (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Enterasys NetSight nssyslogd.exe Buff...

Enterasys NetSight nssyslogd.exe Buffer Overflow

This module exploits a stack buffer overflow in Enterasys NetSight. The vulnerability exists in the Syslog service nssylogd.exe when parsing a specially crafted PRIO from a syslog message. The module has been tested successfully on Enterasys NetSight 4.0.1.34 over Windows XP SP3 and Windows 2003...