
1198 matches found

Metasploit
added 2024/08/28 6:52 p.m. | 176 views

PHP Hex Encoder

This encoder returns a hex string encapsulated in evalhex2bin, increasing the size by a bit more than a factor two. Module Options msf use encoder/php/hex msf encoderhex show actions ...actions... msf encoderhex set ACTION msf encoderhex show options ...show and set options... msf encoderhex run...

7.1 AI score
Exploits 0

Metasploit
added 2024/08/23 6:52 p.m. | 319 views

Ray cpu_profile command injection

Ray RCE via cpuprofile command injection vulnerability. Module Options msf use exploit/linux/http/raycpuprofilecmdinjectioncve20236019 msf exploitraycpuprofilecmdinjectioncve20236019 show targets ...targets... msf exploitraycpuprofilecmdinjectioncve20236019 set TARGET msf...

9.8 CVSS | 7.9 AI score | 0.7463 EPSS
Exploits 11

Metasploit
added 2024/08/23 6:52 p.m. | 202 views

Ray static arbitrary file read

Ray before 2.8.1 is vulnerable to a local file inclusion. Module Options msf use auxiliary/gather/raylficve20236020 msf auxiliaryraylficve20236020 show actions ...actions... msf auxiliaryraylficve20236020 set ACTION msf auxiliaryraylficve20236020 show options ...show and set options... msf...

7.5 CVSS | 7.3 AI score | 0.14652 EPSS
Exploits 3

GithubExploit
added 2024/08/03 4:8 p.m. | 1523 views

Exploit for Server-Side Request Forgery in Apache Http_Server

It is an offensive tool for web applications. The repository app...

7.5 CVSS | 6.9 AI score | 0.6795 EPSS
Exploits 1

Packet Storm
added 2024/07/22 12:0 a.m. | 250 views

Softing Secure Integration Server 1.22 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zip' require 'metasploit/framework/loginscanner/softingsis' class MetasploitModule 'Softing Secure Integration Server v1.22 Remote Code Execution', 'Description...

7.2 CVSS | 7.4 AI score | 0.10229 EPSS
Exploits 3

ATTACKERKB
added 2024/05/31 12:0 a.m. | 25 views

CVE-2024-29824

An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. Recent assessments: cdelafuente-r7 at July 23, 2024 8:10am UTC reported: Ivanti Endpoint Manager EPM versions 2022 SU5 a...

9.6 CVSS | 9.1 AI score | 0.99951 EPSS
In wild | Exploits 5 | References 3

Metasploit
added 2024/05/27 7:54 p.m. | 291 views

Jasmin Ransomware Web Server Unauthenticated SQL Injection

The Jasmin Ransomware web server contains an unauthenticated SQL injection vulnerability within the login functionality. As of April 15, 2024 this was still unpatched, so all versions are vulnerable. The last patch was in 2021, so it will likely not ever be patched. Retrieving the victim's data m...

6.5 CVSS | 7.7 AI score | 0.04611 EPSS
Exploits 7

Metasploit
added 2024/05/03 7:55 p.m. | 281 views

CVE-2024-20767 - Adobe Coldfusion Arbitrary File Read

This module exploits an Improper Access Vulnerability in Adobe Coldfusion versions prior to version '2023 Update 6' and '2021 Update 12'. The vulnerability allows unauthenticated attackers to request authentication token in the form of a UUID from the /CFIDE/adminapi/servermanager/servermanager.c...

7.4 CVSS | 7.5 AI score | 0.98514 EPSS
Exploits 7

Metasploit
added 2024/04/19 7:51 p.m. | 225 views

GitLens Git Local Configuration Exec

GitKraken GitLens before v.14.0.0 allows an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10 Module Options msf use...

7.8 CVSS | 7.8 AI score | 0.01239 EPSS
Exploits 4

Packet Storm
added 2024/04/05 12:0 a.m. | 488 views

Gibbon School Platform 26.0.00 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gibbon School Platform Authenticated PHP Deserialization Vulnerability', 'Description' = %q A Remote Code Execution vulnerability in Gibbon onlin...

6.8 AI score | 0.5132 EPSS
Exploits 7

GithubExploit
added 2024/03/29 9:54 a.m. | 302 views

Exploit for Server-Side Request Forgery in Anyscale Ray

PoC for a remote command execution vulnerability in Ray framew...

9.8 CVSS | 8.2 AI score | 0.81512 EPSS
Exploits 6

Metasploit
added 2024/03/28 7:50 p.m. | 217 views

WatchGuard XTM Firebox Unauthenticated Remote Command Execution

This module exploits a buffer overflow at the administration interface 8080 or 4117 of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impac...

9.8 CVSS | 9.8 AI score | 0.78303 EPSS
Exploits 6

0day.today
added 2024/03/27 12:0 a.m. | 336 views

Artica Proxy Unauthenticated PHP Deserialization Exploit

A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and...

9.8 CVSS | 10 AI score | 0.8126 EPSS
Exploits 9

Metasploit
added 2024/02/13 7:51 p.m. | 563 views

Base64 Command Encoder

This encoder uses base64 encoding to avoid bad characters. Module Options msf use encoder/cmd/base64 msf encoderbase64 show actions ...actions... msf encoderbase64 set ACTION msf encoderbase64 show options ...show and set options... msf encoderbase64 run This module requires Metasploit:...

5.8 AI score
Exploits 0

Packet Storm
added 2024/01/23 12:0 a.m. | 439 views

PRTG Authenticated Remote Code Execution

class MetasploitModule 'PRTG CVE-2023-32781 Authenticated RCE', 'Description' = %q Authenticated RCE in Paessler PRTG , 'License' = MSFLICENSE, 'Author' = 'Kevin Joensen ', 'References' = 'URL', 'https://baldur.dk/blog/prtg-rce.html', 'CVE', '2023-32781' , 'DisclosureDate' = '2023-08-09',...

7.2 CVSS | 7.4 AI score | 0.12342 EPSS
Exploits 3

0day.today
added 2024/01/22 12:0 a.m. | 250 views

MajorDoMo Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in MajorDoMo versions before 0662e5e. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MajorDoMo Command Injection', 'Descriptio...

9.8 CVSS | 7.8 AI score | 0.38263 EPSS
Exploits 6

0day.today
added 2024/01/21 12:0 a.m. | 517 views

Apache Commons Text 1.9 Remote Code Execution Exploit

This Metasploit module exploit takes advantage of the StringSubstitutor interpolator class, which is included in the Commons Text library. A default interpolator allows for string lookups that can lead to remote code execution. This is due to a logic flaw that makes the script, dns and url lookup...

9.8 CVSS | 10 AI score | 0.99931 EPSS
Exploits 41

Metasploit
added 2024/01/20 7:51 p.m. | 224 views

MajorDoMo Command Injection

This module exploits a command injection vulnerability in MajorDoMo versions before 0662e5e. Module Options msf use exploit/linux/http/majordomocmdinjectcve202350917 msf exploitmajordomocmdinjectcve202350917 show targets ...targets... msf exploitmajordomocmdinjectcve202350917 set TARGET msf...

9.8 CVSS | 9.6 AI score | 0.38263 EPSS
Exploits 6

Metasploit
added 2024/01/17 7:50 p.m. | 320 views

Ansible Config Gather

This module will grab ansible information including hosts, ping status, and the configuration file. Module Options msf use post/linux/gather/ansible msf postansible show actions ...actions... msf postansible set ACTION msf postansible show options ...show and set options... msf postansible run Th...

6.9 AI score
Exploits 0

0day.today
added 2023/12/21 12:0 a.m. | 376 views

Vinchin Backup And Recovery Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in Vinchin Backup & Recovery v5.0., v6.0., v6.7., and v7.0.. Due to insufficient input validation in the checkIpExists API endpoint, an attacker can execute arbitrary commands as the web server user. This module requires Metasploit...

9.8 CVSS | 10 AI score | 0.20477 EPSS
Exploits 4