RuggedCom Telnet Password Generator

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'RuggedCom Telnet Password Generator', 'Description' = %q This module will calculate the password for the hard-coded hidden username "factory" in...

Brocade Enable Login Check Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/telnet' class MetasploitModule 'Brocade Enable Login Check Scanner',...

GitStack Unauthenticated REST API Requests

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitStack Unauthenticated REST API Requests', 'Description' = %q This modules exploits unauthenticated REST API requests in GitStack through...

Ulterius Server File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ulterius Server File Download Vulnerability', 'Description' = %q This module exploits a directory traversal vulnerability in Ulterius Server 'Ric...

Netgear Unauthenticated SOAP Password Extractor

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear Unauthenticated SOAP Password Extractor', 'Description' = %q This module exploits an authentication bypass vulnerability in different...

WordPress Symposium Plugin SQL Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Symposium Plugin SQL Injection', 'Description' = %q This module exploits a SQL injection vulnerability in the WP Symposium plugin befor...

Linksys WRT120N TmUnblock Stack Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linksys WRT120N tmUnblock Stack Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability in the...

Cisco Data Center Network Manager Unauthenticated File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Data Center Network Manager Unauthenticated File Download', 'Description' = %q DCNM exposes a servlet to download files on...

Check Point Security Gateway Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Check Point Security Gateway Arbitrary File Read', 'Description' = %q This module leverages an unauthenticated arbitrary root file read...

Unitronics PCOM Client

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unitronics PCOM Client', 'Description' = %q Unitronics Vision PLCs allow unauthenticated PCOM commands to query PLC registers. , 'Author' = 'Luis...

Apache Commons FileUpload and Apache Tomcat Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Commons FileUpload and Apache Tomcat DoS', 'Description' = %q This module triggers an infinite loop in Apache Commons FileUpload 1.0 throu...

Apache Tapestry HMAC secret key leak

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Tapestry HMAC secret key leak', 'Description' = %q This exploit finds the HMAC secret key used in Java serialization by Apache Tapestry...

Peplink Balance Routers SQL Injection

class MetasploitModule 'Peplink Balance routers SQLi', 'Description' = %q Firmware versions up to 7.0.0-build1904 of Peplink Balance routers are affected by an unauthenticated SQL injection vulnerability in the bauth cookie, successful exploitation of the vulnerability allows an attacker to...

Windows IIS HTTP Protocol Stack Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows IIS HTTP Protocol Stack DOS', 'Description' = %q This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafte...

General Electric D20 Password Recovery

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module grabs the device configuration from a GE D20M RTU and parses the usernames and passwords from it. class MetasploitModule 'General Electric D20 Password...

Axigen Arbitrary File Read And Delete

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Axigen Arbitrary File Read and Delete', 'Description' = %q This module exploits a directory traversal vulnerability in the WebAdmin interface of...

IBM Lotus Sametime Version Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule Release .+?/i , 'api', 'meeting', /^meeting=.$/i , 'api', 'appshare', /^appshare=.$/i , 'api', 'docshare', /^docshare=.$/i , 'api',...

Yokogawa BKBCopyD.exe Client

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Yokogawa BKBCopyD.exe Client', 'Description' = %q This module allows an unauthenticated user to interact with the Yokogawa CENTUM CS3000...

Kaseya VSA Master Administrator Account Creation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaseya VSA Master Administrator Account Creation', 'Description' = %q This module abuses the setAccount page on Kaseya VSA between 7 and 9.1 to...

SysAid Help Desk Database Credentials Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'SysAid Help Desk Database Credentials Disclosure', 'Description' = %q This module exploits a vulnerability in SysAid Help Desk...