1198 matches found
Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution Exploit
This Metasploit module exploits local file inclusion and log poisoning vulnerabilities CVE-2020-16152 in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS...
Exploit for Classic Buffer Overflow in Microsoft
PoC exploit for CVE-2017-7269, an RCE vulnerability in Microsoft IIS WebDav ScStoragePathFromUrl function. The exploit targets Microsoft Windows Server 2003 R2 and is implemented as a Metasploit module. The vulnerability allows remote attackers to execute arbitrary code via a long header beginnin...
Ericsson Network Location MPS GMPC21 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ericsson Network Location MPS - Restrictions Bypass RCE Meow Variant', 'Description' = %q This module exploits an arbitrary command execution...
Microsoft OMI Management Interface Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCXOperatingSystem' .freeze def initializeinfo = super updateinfo info, 'Name' = 'Microsoft OMI...
Moodle Teacher Enrollment Privilege Escalation / Remote Code Execution Exploit
Moodle versions 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12, and earlier unsupported versions allow for a teacher to exploit chain to remote code execution. A bug in the privileges system allows a teacher to add themselves as a manager to their own class. They can then add any other users, and...
CVE-2021-45511
creationtimestamp| type| source ---|---|--- 2021-09-24 20:20:16+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/netgearpnpxgetsharefolderlistauthbypass.rb 2021-12-26 07:35:21+00:00| seen| https://t.me/cibsecurity/34643 2025-10-23 21:12:59+00:00...
Geutebruck instantrec Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Geutebruck instantrec Remote Command Execution', 'Description' = %q This module exploits a buffer overflow within the 'action' parameter of the...
Linux eBPF ALU32 32-bit Invalid Bounds Tracking Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE', 'Description' = %q Linux kernels from 5.7-rc1 prior to 5.13-rc4, 5.12.4, 5.11.21, and 5.10....
Sage Group Sage X3 信息泄露漏洞
Sage Group Sage X3 is an application from Sage Group, Inc. an enterprise resource planning product developed for mature organizations. An information disclosure vulnerability exists in Sage X3 where the Metasploit module exploits an authentication bypass vulnerability in the Sage X3 AdxSrv...
Sage Group Sage X3 安全漏洞
Sage Group Sage X3 is an application from Sage Group, Inc. an enterprise resource planning product developed for mature organizations. A security vulnerability exists in Sage X3 where the Metasploit module exploits an authentication bypass vulnerability in the Sage X3 AdxSrv management protocol t...
vulhub
This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and tools for testing and demonstrating various attacks. The repository includes a variety of modules and tools for different types of attacks, such as web...
Lightweight Facebook-Styled Blog Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Lightweight facebook-styled blog authenticated remote code execution", 'Description' = %q This module exploits the file upload vulnerability of...
CVE-2022-44384
creationtimestamp| type| source ---|---|--- 2021-06-24 15:51:21+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/rconfigvendorsauthfileuploadrce.rb 2022-11-17 20:18:08+00:00| seen| https://t.me/cibsecurity/53083 2025-04-29 15:11:46+00:00|...
Solaris SunSSH 11.0 x86 - libpam Remote Root Exploit
Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root 2 Original Exploit Author: Hacker Fantastic Metasploit Module Author: wvu Vendor Homepage: https://www.oracle.com/solaris/technologies/solaris10-overview.html Version: 10 Tested on: SunOS solaris 10 CVE: CVE-2020-14871 Ported By: legend...
ExifTool DjVu ANT Perl injection
This module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF field. Module...
Google Chrome XOR Typer Out-Of-Bounds Access / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE', 'Description' = %q This module exploits an issue in the V8...
Micro Focus Operations Bridge Reporter shrboadmin Default Password Exploit
This Metasploit module abuses a known default password on Micro Focus Operations Bridge Reporter. The shrboadmin user, installed by default by the product has the password of shrboadmin, and allows an attacker to login to the server via SSH. This module has been tested with Micro Focus Operations...
Micro Focus Operations Bridge Reporter shrboadmin default password
This module abuses a known default password on Micro Focus Operations Bridge Reporter. The 'shrboadmin' user, installed by default by the product has the password of 'shrboadmin', and allows an attacker to login to the server via SSH. This module has been tested with Micro Focus Operations Bridge...
GravCMS 1.10.7 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GravCMS Remote Command Execution', 'Description' = %q This module exploits arbitrary config write/update vulnerability to achieve remote code...
Nagios XI getprofile.sh Remote Command Execution Exploit
This Metasploit module exploits a vulnerability in the getprofile.sh script of Nagios XI versions prior to 5.6.6 in order to upload a malicious checkping plugin and thereby execute arbitrary commands. For Nagios XI 5.2.0 through 5.4.13, the commands are run as the nagios user. For versions 5.5.0...