97 matches found
Palo Alto Expedition 1.2.91 Remote Code Execution
class MetasploitModule 'Palo Alto Expedition Remote Code Execution CVE-2024-5910 and CVE-2024-9464', 'Description' = %q Obtain remote code execution in Palo Alto Expedition version 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the...
Metasploit Weekly Wrap-Up 08/30/2024
A New Way to Encode PHP Payloads A new PHP encoder has been released by a community contributor, jvoisin, allowing a PHP payload to be encoded as an ASCII-Hex string. This can then be decoded on the receiver to prevent issues with unescaped or bad characters. Ray Vulnerabilities This release of...
Ray cpu_profile Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray cpuprofile command injection', 'Description' = %q Ray RCE via cpuprofile command injection vulnerability. , 'Author' = 'sierrabearchell',...
zMeedA
It is an offensive tool for Windows. The repository appears to b...
Metasploit Weekly Wrap-Up 02/23/2024
LDAP Capture module Metasploit now has an LDAP capture module thanks to the work of JustAnda7. This work was completed as part of the Google Summer of Code program. When the module runs it will by default require privileges to listen on port 389. The module implements a default implementation for...
Docker cgroups Container Escape
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Docker cgroups Container Escape', 'Description' = %q This exploit module takes advantage of a Docker image which has either the privileged flag, ...
Lucee Scheduled Job v1.0 - Command Execution Exploit
Exploit Title: Lucee Scheduled Job v1.0 - Command Execution Exploit Author: Alexander Philiotis Vendor Homepage: https://www.lucee.org/ Software Link: https://download.lucee.org/ Version: All versions with scheduled jobs enabled Tested on: Linux - Debian, Lubuntu & Windows 10 Ref :...
Metasploit Weekly Wrap-Up
Pre-authenticated Remote Code Execution in VMware NSX Manager using XStream CVE-2021-39144 There’s nothing quite like a pre-authenticated remote code execution vulnerability in a piece of enterprise software. This week, community contributor h00die-gr3y added a module that targets VMware NSX...
Exploit for CVE-2022-1966
It is an exploit module for a vulnerability in a proprietary sof...
Metasploit Weekly Wrap-Up
Log4Shell goodness Log4Shell made an unfortunate end to 2021 for many organizations, but it also makes for some great additions to Metasploit Framework. Contributors sempervictus, schierlm, righel, timwr and our very own Spencer McIntyre have collaborated to bring us a Log4Shell module that uses...
Exploit for Path Traversal in Microsoft
This repository is an exploit module for CVE-2021-40444, a remote code execution vulnerability in Microsoft Office Word. The repository contains a Python script exploit.py that generates a malicious docx document, a Windows DLL calc.dll that pops a calc.exe when executed, and a server script...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-41773|CVE-2021-42013: Path Traversal Zero-Day in Apac...
Exploit for CVE-2021-3129
It is an exploit module for CVE-2021-3129. The target product/service is Laravel, a PHP web framework. The vulnerability class/vector is a remote code execution RCE vulnerability. The probable entry point is the Laravel application itself, likely through a web interface. Not specified...
Polkit D-Bus Authentication Bypass
A vulnerability exists within the polkit system service that can be leveraged by a local, unprivileged attacker to perform privileged operations. In order to leverage the vulnerability, the attacker invokes a method over D-Bus and kills the client process. This will occasionally cause the operati...
Polkit D-Bus Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' class MetasploitModule 'Polkit D-Bus Authentication Bypass', 'Description' = %q A vulnerability exists within the polkit system service that can be...
Rapid7 Metasploit Framework 代码问题漏洞
Rapid7 Metasploit Framework is a penetration testing framework from the US company Rapid7. The Metasploit Framework suffers from a code issue vulnerability that stems from the fact that a user would inadvertently expose the deserialization of Metasploit, which is the issue exploited by this modul...
Nagios XI Prior to 5.8.0 - Plugins Filename Authenticated Remote Code Exection
This module exploits a command injection vulnerability CVE-2020-35578 in the /admin/monitoringplugins.php page of Nagios XI versions prior to 5.8.0 when uploading plugins. Successful exploitation allows an authenticated admin user to achieve remote code execution as the apache user by uploading a...
Metasploit Wrap-Up
Windows Server 2012 Fun Community contributor Erik Wynter added a local exploit module for a DLL hijacking vulnerability he discovered in Windows Server 2012. The TiWorker.exe process that runs as NT AUTHORITY\SYSTEM attempts to load SrClient.dll, which does not exist on the system. Because of...
metasploit-framework
This is an exploit module for the Metasploit Framework, a penetration testing tool. The module is designed to exploit a vulnerability in a specific target, which is not explicitly stated in the provided code. However, based on the code and the context, it appears that the target is a Windows...
Zen Cart 1.5.7b - Remote Code Execution (Authenticated)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This exploit write payload in database and trig to command a bug in an zencart v1.5.7b web application class MetasploitModule 'zencart authenticated remote code executio...