HP Data Protector 8.10 Remote Command Execution Exploit

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Data Protector 8.10 Remote Command Execution', 'Description' = %q This...

Nvidia Mental Ray Satellite Service Arbitrary DLL Injection

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Nvidia Mental Ray Satellite Service Arbitrary DLL Injection', 'Description' = %q The Nvidia Mental Ray Satellite Service listens for...

PHPMoAdmin 1.1.2 Remote Code Execution

This module exploits an arbitrary PHP command execution vulnerability due to a dangerous use of eval in PHPMoAdmin. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHPMoAdmin 1.1.2 Remote Code...

Solarwinds Orion Service SQL Injection Vulnerability

Various remote SQL injection vulnerabilities exist in the core Orion service used in most of the Solarwinds products. Affected products include Network Performance Monitor below version 11.5, NetFlow Traffic Analyzer below version 4.1, Network Configuration Manager below version 7.3.2, IP Address...

SolarWinds Orion Service - SQL Injection

I found a couple SQL injection vulnerabilities in the core Orion service used in most of the Solarwinds products SAM, IPAM, NPM, NCM, etc…. This service provides a consistent configuration and authentication layer across the products. To be exact, the vulnerable applications and versions are:...

Seagate Business NAS Firmware Vulnerabilities Disclosed

Firmware running on certain Seagate network-attached storage devices that are popular with small businesses and home offices, are vulnerable to remote attacks. Researchers at Beyond Binary, a security consulting firm in Australia, on Sunday went public with their disclosure after a nearly...

HP Client Automation Command Injection Exploit

This Metasploit module exploits a command injection vulnerability on HP Client Automation, distributed actually as Persistent Systems Client Automation. The vulnerability exists in the Notify Daemon radexecd.exe, which doesn't authenticate execution requests by default neither. This Metasploit...

Printer File Deletion Scanner

This module deletes a file on a set of printers using the Printer Job Language PJL protocol. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "rex/proto/pjl" class MetasploitModule "Printer File Deletion...

WordPress Admin Shell Upload

This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/zip' class Metasploit3 'WordPress Admin Shell Upload', 'Description' = %q This module will generate a plugin, pack the payload into it...

Hackers Can Remotely Install Malware Apps to Your Android Device

Security researchers have warned of a pair of vulnerabilities in the Google Play Store that could allow cyber crooks to install and launch malicious applications remotely on Android devices. Tod Beardsley, technical lead for the Metasploit Framework at Rapid7 warns that an X-Frame-Options XFO...

Achat 0.150 beta7 - Remote Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Achat v0.150 beta7 Buffer Overflow', 'Description' = %q This module exploits an unicode SEH based stack buffer overflow in Achat...

MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape Exploit

This Metasploit module abuses a process creation policy in Internet Explorer's sandbox, specifically the Microsoft Remote Desktop Services Web Proxy IE one, which allows the attacker to escape the Protected Mode, and execute code with Medium Integrity. At the moment, this module only bypass...

Multi Gather RubyGems API Key

This module obtains a user's RubyGems API key from /.gem/credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather RubyGems API Key', 'Description' = %q This module obtains a...

Arris VAP2500 tools_command.php Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Arris VAP2500 toolscommand.php Command Execution', 'Description' = %q Arris VAP2500 access points are vulnerable to OS command...

GetGo Download Manager HTTP Response Buffer Overflow Exploit

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'GetGo Download Manager HTTP Response Buffer Overflow', 'Description' = %q...

CVE-2014-10021

creationtimestamp| type| source ---|---|--- 2015-01-13 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/35778 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wpsymposiumshellupload.rb 2025-10-23 21:12:57+00:00|...

Lexmark MarkVision Enterprise - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Lexmark MarkVision Enterprise Arbitrary File Upload', 'Description' = %q This module exploits a code execution flaw in Lexmark...

WordPress WP Symposium 14.11 Shell Upload

This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'WordPress WP Symposium 14.11 Shell Upload', 'Description' = %qWP Symposium Plugin for WordPress contains a flaw that allows a...

WordPress WP Symposium 14.11 Shell Upload

WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-symposium/server/fileuploadform.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will pla...

ManageEngine Shell Upload / Directory Traversal Vulnerabilities

ManageEngine products Service Desk Plus, Asset Explorer, Support Center, and IT360 suffer from file upload and directory traversal vulnerabilities. This is part 11 of the ManageOwnage series. For previous parts, see 1. This time we have two remote code execution via file upload and directory...