13541 matches found
Apple TV Image Remote Control
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apple TV Image Remote Control', 'Description' = %q This module will show an image on an AppleTV device for a period of time. Some AppleTV devices...
Netgear Unauthenticated SOAP Password Extractor
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear Unauthenticated SOAP Password Extractor', 'Description' = %q This module exploits an authentication bypass vulnerability in different...
Nexpose XXE Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'nexpose' class MetasploitModule 'Nexpose XXE Arbitrary File Read', 'Description' = %q Nexpose v5.7.2 and prior is vulnerable to a XML External Entity attack via...
Cablehaunt Cable Modem WebSocket Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'eventmachine' require 'faye/websocket' class MetasploitModule '"Cablehaunt" Cable Modem WebSocket DoS', 'Description' = %q There exists a buffer overflow...
Oracle DB 10gR2, 11gR1/R2 DBMS_JVM_EXP_PERMS OS Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB 10gR2, 11gR1/R2 DBMSJVMEXPPERMS OS Command Execution', 'Description' = %q This module exploits a flaw 0 day in DBMSJVMEXPPERMS package...
Microsoft SQL Server SQL Injection Escalate Db_Owner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi Escalate DbOwner', 'Description' = %q This module can be used to escalate SQL Server user privileges to sysadmin throug...
Wordpress MasterStudy Admin Account Creation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress MasterStudy Admin Account Creation', 'Description' = %q MasterStudy LMS, a WordPress plugin, prior to 2.7.6 is affected by a privilege...
WordPress WPLMS Theme Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress WPLMS Theme Privilege Escalation', 'Description' = %q The WordPress WPLMS theme from version 1.5.2 to 1.8.4.1 allows an authenticated...
Kaseya VSA Master Administrator Account Creation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kaseya VSA Master Administrator Account Creation', 'Description' = %q This module abuses the setAccount page on Kaseya VSA between 7 and 9.1 to...
Webmin Edit_html.cgi File Parameter Traversal Arbitrary File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin edithtml.cgi file Parameter Traversal Arbitrary File Access', 'Description' = %q This module exploits a directory traversal in Webmin 1.58...
MantisBT Admin SQL Injection Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MantisBT Admin SQL Injection Arbitrary File Read", 'Description' = %q Versions 1.2.13 through 1.2.16 are vulnerable to a SQL injection attack if ...
Viproy CUCDM IP Phone XML Services Speed Dial Attack Tool
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Viproy CUCDM IP Phone XML Services - Speed Dial Attack Tool', 'Description' = %q The BVSMWeb portal in the web framework...
GitStack Unauthenticated REST API Requests
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitStack Unauthenticated REST API Requests', 'Description' = %q This modules exploits unauthenticated REST API requests in GitStack through...
VxWorks WDB Agent Remote Reboot
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VxWorks WDB Agent Remote Reboot', 'Description' = %q This module provides the ability to reboot a VxWorks target through WDBRPC , 'Author' = 'hdm...
WordPress All-in-One Migration Export
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress All-in-One Migration Export', 'Description' = %q This module allows you to export Wordpress data such as the database, plugins, themes,...
LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' require 'rex/zip' class MetasploitModule 'LibreOffice 6.03 /Apache OpenOffice 4.1.5 Malicious ODT File Generator', 'Description' = 'Generates a Maliciou...
Limesurvey Unauthenticated File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework for extracting files require 'zip' class MetasploitModule 'Limesurvey Unauthenticated File Download', 'Description' = %q This module exploits an unauthenticated file...
Windows IIS HTTP Protocol Stack Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows IIS HTTP Protocol Stack DOS', 'Description' = %q This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafte...
Atlassian Confluence Data Center And Server Authentication Bypass Via Broken Access Control
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence Data Center and Server Authentication Bypass via Broken Access Control', 'Description' = %q This module exploits a broken...
Microsoft SQL Server SUSER_SNAME SQL Logins Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SUSERSNAME SQL Logins Enumeration', 'Description' = %q This module can be used to obtain a list of all logins from a SQL...