PhotoStore 4.0.7 Arbitary File Execution

Exploit for php platform in category web applications ​ . \ /| | \ \ \ \ | | | | / \ / \ /\ / \ / / / / / \ /\ / \ / / / | | | Y \ / \ | | \ /\ \ \ | | /\ /\ / || || /\ \ /|| / /// \ /|| \ // / / / / / / http://tcc.sch.id ​ Exploit title : PhotoStore 4.0.7 shell upload Author...

Up.Time Monitoring Station post2file.php Arbitrary File Upload

This Metasploit module exploits an arbitrary file upload vulnerability found within the Up.Time monitoring server 7.2 and below. A malicious entity can upload a PHP file into the webroot without authentication, leading to arbitrary code execution. This module requires Metasploit:...

vBulletin Password Collector via nodeid SQL Injection

This module exploits a SQL injection vulnerability found in vBulletin 5 that has been used in the wild since March 2013. This module can be used to extract the web application's usernames and hashes, which could be used to authenticate into the vBulletin admin control panel. This module requires...

Open Flash Chart 2 - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Open Flash Chart v2 Arbitrary File Upload", 'Description' = %q This module exploits a file upload vulnerability found in Open Flash...

ZABBIX API及Frontend多个SQL注入漏洞(CVE-2013-5743)

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

HP Intelligent Management SOM Account Creation

This module exploits a lack of authentication and access control in HP Intelligent Management, specifically in the AccountService RpcServiceServlet from the SOM component, in order to create a SOM account with Account Management permissions. This module has been tested successfully on HP...

WebTester 5.x - Command Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "WebTester 5.x Command Execution", 'Description' = %q This module exploits a command execution vulnerability in WebTester version 5.x...

Radware AppDirector Bruteforce Login Utility

This module scans for Radware AppDirector's web login portal, and performs login brute force to identify valid credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Radware AppDirector...

Zabbix 2.0.8 - SQL Injection Remote Code Execution (Metasploit)

Zabbix 2.0.8 - SQL Injection Remote Code Execution Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Zabbix 2.0.8 SQL Injection and Remote Code Execution

This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting Zabbix versions 2.0.8 and lower. The SQL injection issue can be abused in order to retrieve an active session ID. If an administrator level user is identified, remote code execution can be gained by uploading...

Zabbix 2.0.8 SQL Injection / Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Zabbix 2.0.8 SQL...

GestioIP - Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit4 'GestioIP Remote...

GestioIP Remote Command Execution

This module exploits a command injection flaw to create a shell script on the filesystem and execute it. If GestioIP is configured to use no authentication, no password is required to exploit the vulnerability. Otherwise, an authenticated user is required to exploit. This module requires...

ZeroShell Remote Code Execution Vulnerability

This Metasploit module exploits a vulnerability found in ZeroShell 2.0 RC2 and lower. It will leverage an unauthenticated local file inclusion vulnerability in the "/cgi-bin/kerbynet" url. The file retrieved is "/var/register/system/ldap/rootpw". This file contains the admin password in cleartext...

Linksys WRT110 Remote Command Execution Vulnerability

The Linksys WRT110 consumer router is vulnerable to a command injection exploit in the ping field of the web interface. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on...

Sophos Web Protection Appliance sblistpack Arbitrary Command Execution

This module exploits a command injection vulnerability on Sophos Web Protection Appliance 3.7.9, 3.8.0 and 3.8.1. The vulnerability exists on the sblistpack component, reachable from the web interface without authentication. This module has been tested successfully on Sophos Virtual Web Appliance...

Graphite Web Unsafe Pickle Handling Exploit

This Metasploit module exploits a remote code execution vulnerability in the pickle handling of the rendering code in the Graphite Web project between version 0.9.5 and 0.9.10 both included. This file is part of the Metasploit Framework and may be subject to redistribution and commercial...

Graphite Web - Unsafe Pickle Handling (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Graphite Web Unsafe Pickle Handling',...

Foreman (Red Hat OpenStack/Satellite) Code Injection Vulnerability

This Metasploit module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions...

Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment

This module exploits a mass assignment vulnerability in the 'create' action of 'users' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier by creating an arbitrary administrator account. For this exploit to work, your account must have 'createusers' permission e.g....