1198 matches found
Microsoft Registry Symlink - IE Sandbox Escape (MS13-097) (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' class Metasploit3 'MS13-097 Registry Symlink IE Sandbox Escape',...
AlienVault OSSIM av-centerd Command Injection
This module exploits a code execution flaw in AlienVault 4.6.1 and prior. The vulnerability exists in the av-centerd SOAP web service, where the updatesysteminfodebianpackage method uses perl backticks in an insecure way, allowing command injection. This module has been tested successfully on...
Easy File Management Web Server Stack Buffer Overflow
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Easy File Management Web Server Stack Buffer Overflow', 'Description' = %q Easy File Management Web Server v4.0 and v5.3 contains a...
OpenSSL DTLS Fragment Buffer Overflow DoS
This module performs a Denial of Service Attack against Datagram TLS in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h. This occurs when a DTLS ClientHello message has multiple fragments and the fragment lengths of later fragments are larger than that of the first, a buffer...
MS14-009 .NET Deployment Service IE Sandbox Escape
This module abuses a process creation policy in Internet Explorer's sandbox, specifically in the .NET Deployment Service dfsvc.exe, which allows the attacker to escape the Enhanced Protected Mode, and execute code with Medium Integrity. This module requires Metasploit:...
Buffer Overflows Patched in Yokogawa Control System Products
Patches for critical vulnerabilities in production control system software built by Yokogawa Electric Corp. of Japan are available, according to an advisory issued Tuesday by the Industrial Control System Cyber Emergency Response Team ICS-CERT. The advisory warns that there are publicly available...
AlienVault 4.6.1 SQL Injection Vulnerability
AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php using the 'insertinto' parameter. This Metasploit module exploits the lack of input filtering to read an arbitrary file from the file system. Any authenticated user is able to exploit this...
Advantech WebAccess DBVisitor.dll ChartThemeConfig SQL Injection
This module exploits a SQL injection vulnerability found in Advantech WebAccess 7.1. The vulnerability exists in the DBVisitor.dll component, and can be abused through malicious requests to the ChartThemeConfig web service. This module can be used to extract the site and project usernames and...
AlienVault 4.6.1 SQL Injection
Exploit Title: AlienVault newpolicyform.php SQLi Date: 5/9/2014 Exploit Author: chrisdhebertatgmail.com Vendor Homepage: http://www.alienvault.com/ Software Link: http://www.alienvault.com/free-downloads-services Version: 4.6.1 and below Tested on: Linux CVE : n/a Vendor Security Advisory :...
Adobe Flash Player Integer Underflow Remote Code Execution Exploit
This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the...
Struts2 远程命令执行
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module...
Apache Struts ClassLoader Manipulation Remote Code Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module exploits a remote command execution...
mRemote Offline Password Decrypt
mRemote Offline Password Decrypt Based on Metasploit Module enummremotepwds.rb from David Maloney Autor: Adriano Marcio Monteiro E-mail: [email protected] Blog: adrianomarciomonteiro.blogspot.com.br Usage: ruby mRemoteOffPwdsDecrypt.rb confCons.xml require 'rexml/document' require...
MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free
This Metasploit module exploits an use after free condition on Internet Explorer as used in the wild on the "Operation SnowMan" in February 2014. The module uses Flash Player 12 in order to bypass ASLR and finally DEP. This module requires Metasploit: http//metasploit.com/download Current source:...
WinRAR Filename Spoofing
This module abuses a filename spoofing vulnerability in WinRAR. The vulnerability exists when opening ZIP files. The file names showed in WinRAR when opening a ZIP file come from the central directory, but the file names used to extract and open contents come from the Local File Header. This...
WinRAR Filename Spoofing
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/zip' class Metasploit3 'WinRAR Filename Spoofing', 'Description' = %q This module abuses a filename spoofing vulnerability in WinRAR. The...
JIRA Issues Collector Directory Traversal
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'JIRA Issues Collector Directory Traversal', 'Description' = %q This module exploits a directory traversal flaw in JIRA 6.0.3. The...
ibstat $PATH Privilege Escalation Exploit
Exploit for linux platform in category local exploits This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 "ibstat $PATH Privilege Escalation", "Description" = %q This module exploits the trusted $PATH...
EMC CTA v10.0 Unauthenticated XXE Arbitrary File Read
EMC CTA v10.0 is susceptible to an unauthenticated XXE attack that allows an attacker to read arbitrary files from the file system with the permissions of the root user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
EMC Cloud Tiering Appliance 10.0 - XML External Entity Arbitrary File Read (Metasploit)
EMC Cloud Tiering Appliance 10.0 - XML External Entity Arbitrary File Read Metasploit EMC Cloud Tiering Appliance v10.0 Unauthed XXE The following authentication request is susceptible to an XXE attack: POST /api/login HTTP/1.1 Host: 172.31.16.99 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664;...