13537 matches found
TFTP Fetch
Fetch and execute an ARMBE payload from a TFTP server. Module Options msf use payload/cmd/linux/tftp/armbe/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and set...
HTTP Fetch
Fetch and execute an ARMBE payload from an HTTP server. Module Options msf use payload/cmd/linux/http/armbe/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf payloadmeterpreterreversehttp show options ...show and s...
InvokeAI Remote Code Execution Exploit
InvokeAI has a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This functionality...
BeyondTrust Remote Code Execution Exploit
This exploit achieves unauthenticated remote code execution against BeyondTrust Privileged Remote Access PRA and Remote Support RS, with the privileges of the site user of the targeted BeyondTrust product site. This exploit targets PRA and RS versions 24.3.1 and below. This module requires...
InvokeAI Remote Code Execution
InvokeAI has a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This functionality...
Exploit for Out-of-bounds Read in Microsoft
metasploit-ldapnightmare SafeBreaches CVE-2024-49113 POCLdapN...
Ivanti Connect Secure HTTP Scanner
This module will perform authentication scanning against Ivanti Connect Secure Module Options msf use auxiliary/scanner/ivanti/loginscanner msf auxiliaryloginscanner show actions ...actions... msf auxiliaryloginscanner set ACTION msf auxiliaryloginscanner show options ...show and set options... m...
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
This module leverages an unauthenticated arbitrary file read for the Argus Surveillance 4.0.0.0 system which never saw an update since. As this is a Windows related application we recommend looking for common Windows file locations, especially C:\ProgramData\PYSoftware\Argus Surveillance...
Metasploit Weekly Wrap-Up 01/31/25
ESC4 Detection This week, Metasploit’s jheysel-r7 updated the existing ldapescvulnerablecertfinder module to include detecting template objects that can be written to by the authenticated user. This means the module can now identify instances of ESC4 from the perspective of the account that the...
CVE-2022-3365 Emote Interactive Remote Mouse Server command injection due to weak encoding
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit...
CVE-2022-3365
CVE-2022-3365 affects Remote Mouse Server by Emote Interactive. The Red Hat, NVD, and CVE records describe unauthenticated remote code execution via the server’s protocol, tied to weak encoding (trivial substitution cipher) and default password use when none is set, with Metasploit tests against ...
Craft CMS Twig Template Injection / Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Craft CMS Twig Template Injection RCE via FTP Templates Path', 'Description' = %q This module exploits a Twig template injection vulnerability in...
Craft CMS Twig Template Injection RCE via FTP Templates Path
This module exploits a Twig template injection vulnerability in Craft CMS by abusing the --templatesPath argument. The vulnerability allows arbitrary template loading via FTP, leading to Remote Code Execution RCE. Module Options msf use exploit/linux/http/craftcmsftptemplate msf...
Craft CMS Twig Template Injection / Remote Code Execution
This Metasploit module exploits a Twig template injection vulnerability in Craft CMS by abusing the --templatesPath argument. The vulnerability allows arbitrary template loading via FTP, leading to remote code execution. This module requires Metasploit: https://metasploit.com/download Current...
Metasploit Wrap-Up 01/17/2025
Clarity in Cleo Exploitation Last Month, Huntress reported that several Cleo products were being attacked in the wild, including Harmony, VLTrader, and LexiCom. Cleo announced CVE-2024-50623 and that these issues were patched in 5.8.0.21, but Huntress reported the vulnerability was still in those...
Exploit for Cross-Site Request Forgery (CSRF) in Selenium Selenium_Grid
Selenium Chrome RCE Exploit Extended This repository conta...
Selenium arbitrary file read
If there is an open selenium web driver, a remote attacker can send requests to the victims browser. In certain cases this can be used to access to the remote file system. Module Options msf use auxiliary/gather/seleniumfileread msf auxiliaryseleniumfileread show actions ...actions... msf...
Selenium Chrome Remote Code Execution Exploit
Selenium Server Grid versions prior to 4.0.0-alpha-7 allows cross site request forgery because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain and this issue in turn allows for an attacker to achieve remote code execution. This modu...
Metasploit 2024 Annual Wrap-Up
Another year has come and gone, and the Metasploit team has taken some time to review the year’s notable additions. This year saw some great new features added, Metasploit 6.4 released and a slew of new modules. We’re grateful to the community members new and old that have submitted modules and...
Metasploit Weekly Wrap-Up 12/20/2024
New module content 4 GameOverlay Privilege Escalation and Container Escape Authors: bwatters-r7, g1vi, gardnerapp, and h00die Type: Exploit Pull request: 19460 contributed by gardnerapp Path: linux/local/gameoverlayprivesc AttackerKB reference: CVE-2023-2640 Description: Adds a module for...