AlienVault 4.5.0 SQL Injection

The following request is vulnerable to a SQL injection attack from authenticated users. GET /ossim/report/BusinessAndComplianceISOPCI/ISO27001Bar1.php?datefrom=2014-02-28&dateto=2014-03-30 HTTP/1.1 Host: 172.31.16.150 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101...

HP LaserJet Printer SNMP Enumeration

This module allows enumeration of files previously printed. It provides details as filename, client, timestamp and username information. The default community used is "public". This module requires Metasploit: https://metasploit.com/download Current source:...

Fitnesse Wiki - Remote Command Execution (Metasploit)

Fitnesse Wiki - Remote Command Execution Metasploit This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Fitnesse Wiki Remote Command Execution', 'Description' = %q This module exploits ...

LifeSize UVC Authenticated Remote Command Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "LifeSize UVC Authenticated RCE via Ping", 'Description' = %q When authenticated as an administrator on LifeSize UVC 1.2.6, an attacke...

Quantum vmPRO Backdoor Command

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'net/ssh' class Metasploit3 "Quantum vmPRO Backdoor Command", 'Description' = %q This module abuses a backdoor command in vmPRO 3.1.2. Any user,...

Quantum vmPRO Backdoor Command

This module abuses a backdoor command in Quantum vmPRO. Any user, even one without admin privileges, can get access to the restricted SSH shell. By using the hidden backdoor "shell-escape" command it's possible to drop to a real root bash shell. This module has been tested successfully on Quantum...

HP Data Protector - Backup Client Service Remote Code Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'HP Data Protector Backup Client Service Remote Code Execution', 'Description' = %q This module abuses the Backup Client Service...

Huawei E355 contains a direct request vulnerability

Overview Huawei E355 USB WiFi adapter with firmware version: 21.157.37.01.910 has been reported to contain a direct request vulnerability in the web interface. CWE-425 Description Huawei E355 USB WiFi adapter with firmware version: 21.157.37.01.910 has been reported to contain a direct request...

ALLPlayer 2.8.1 - (.m3u file) Buffer Overflow (SEH)

This Metasploit module exploits a stack-based buffer overflow vulnerability in ALLPlayer 2.8.1, caused by a long string in a playlist entry. By persuading the victim to open a specially-crafted .M3U file, a remote attacker could execute arbitrary code on the system or cause the application to...

ALLPlayer M3U Buffer Overflow

This module exploits a stack-based buffer overflow vulnerability in ALLPlayer 5.8.1, caused by a long string in a playlist entry. By persuading the victim to open a specially-crafted .M3U file, a remote attacker could execute arbitrary code on the system or cause the application to crash. This...

Total Video Player 1.3.1 (Settings.ini) - SEH Buffer Overflow

This Metasploit module exploits a buffer overflow in Total Video Player 1.3.1. The vulnerability occurs opening malformed Settings.ini file e.g."C:\Program Files\Total Video Player". This Metasploit module has been tested successfully over Windows WinXp-Sp3-EN, Windows 7, Windows 8. This module...

GE Proficy CIMPLICITY gefebt.exe Remote Code Execution

This Metasploit module abuses the gefebt.exe component in GE Proficy CIMPLICITY, reachable through the CIMPLICIY CimWebServer. The vulnerable component allows to execute remote BCL files in shared resources. An attacker can abuse this behaviour to execute a malicious BCL and drop an arbitrary EXE...

VNC Server (Reflective Injection), Reverse Hop HTTP/HTTPS Stager

Inject a VNC Dll via a reflective loader staged. Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload data/hop/hop.php to the PHP server you wish to use as a hop. This module requires Metasploit: https://metasploit.com/download Current source:...

Reflective DLL Injection, Reverse Hop HTTP/HTTPS Stager

Inject a DLL via a reflective loader. Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload data/hop/hop.php to the PHP server you wish to use as a hop. This module requires Metasploit: https://metasploit.com/download Current source:...

Pandora FMS Remote Code Execution Exploit

This Metasploit module exploits a vulnerability found in Pandora FMS 5.0RC1 and lower. It will leverage an unauthenticated command injection in the Anyterm service on port 8023. Commands are executed as the user "pandora". In Pandora FMS 4.1 and 5.0RC1 the user "artica" is not assigned a password...

Skybluecanvas CMS - Remote Code Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'SkyBlueCanvas CMS Remote Code Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in...

Apache Struts - Developer Mode OGNL Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts Developer Mode OGNL Execution', 'Description' = %q This module exploits a remote command execution vulnerability in...

Apache Struts Developer Mode OGNL Execution Exploit

This Metasploit module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor allows evaluation and execution of OGNL expressions, which allows remote attackers to execute arbitrary Java...

SkyBlueCanvas CMS Remote Code Execution

This module exploits an arbitrary command execution vulnerability in SkyBlueCanvas CMS version 1.1 r248-03 and below. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SkyBlueCanvas CMS Remote Co...

HP Data Protector Backup Client Service Directory Traversal

This Metasploit module exploits a directory traversal vulnerability in the Hewlett-Packard Data Protector product. The vulnerability exists at the Backup Client Service OmniInet.exe when parsing packets with opcode 42. This Metasploit module has been tested successfully on HP Data Protector 6.20 ...