1621 matches found
Basilic 1.5.14 diff.php Arbitrary Command Execution
This module abuses a metacharacter injection vulnerability in the diff.php script. This flaw allows an unauthenticated attacker to execute arbitrary commands as the www-data user account. This module requires Metasploit: https://metasploit.com/download Current source:...
SugarCRM 6.3.1 unserialize() PHP Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'SugarCRM %q This module exploits a ph...
Symantec Web Gateway 5.0.2.8 ipchange.php Command Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Symantec Web...
appRain CMF Arbitrary PHP File Upload Vulnerability
This module exploits a vulnerability found in appRain's Content Management Framework CMF, version 0.1.5 or less. By abusing the uploadify.php file, a malicious user can upload a file to the uploads/ directory without any authentication, which results in arbitrary code execution. This module...
CVE-2011-2586
The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service device crash via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249...
Design/Logic Flaw
The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service device crash via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249...
CVE-2011-2586
The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote attackers to cause a denial of service device crash via a malformed HTTP response to a request for service installation, aka Bug ID CSCts12249...
V-CMS PHP File Upload And Execute
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "V-CMS PHP File...
Dolibarr ERP & CRM 3 Post-Auth OS Command Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Dolibarr ERP & CR...
FreePBX 2.9.0/2.10.0 - 'callmenum' Remote Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'FreePBX 2.10.0 / 2.9.0 callmenum Remo...
Apache Struts Remote Command Execution
This module exploits a remote command execution vulnerability in Apache Struts versions 'Apache Struts Remote Command Execution', 'Description' = %q This module exploits a remote command execution vulnerability in Apache Struts versions...
NetDecision NOCVision Server Directory Traversal
This module exploits a directory traversal bug in NetDecision's TrafficGrapherServer.exe service. This is done by using "..." in the path to retrieve a file on a vulnerable machine. This module requires Metasploit: https://metasploit.com/download Current source:...
LotusCMS 3.0 eval() Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'LotusCMS 3.0 eval...
USN-1375-1: httplib2 vulnerability
The httplib2 Python library earlier than version 0.7.0 did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information in...
Gitorious Arbitrary Command Execution
Exploit for linux platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Drupal Views Module Users Enumeration
This module exploits an information disclosure vulnerability in the 'Views' module of Drupal, brute-forcing the first 10 usernames from 'a' to 'z'. Drupal 6 with 'Views' module 'Drupal Views Module Users Enumeration', 'Description' = %q This module exploits an information disclosure vulnerability...
CoCSoft Stream Down Stack Overflow
Added: 01/10/2012 CVE: CVE-2011-5052 BID: 51190 OSVDB: 78043 Background CoCSoft Stream Down is a streaming media download tool. Problem The CoCSoft Stream Down HTTP client implementation in version 6.8 and prior does not properly validate HTTP responses. This vulnerability may allow an attacker t...
CoCSoft Stream Down Stack Overflow
Added: 01/10/2012 CVE: CVE-2011-5052 BID: 51190 OSVDB: 78043 Background CoCSoft Stream Down is a streaming media download tool. Problem The CoCSoft Stream Down HTTP client implementation in version 6.8 and prior does not properly validate HTTP responses. This vulnerability may allow an attacker t...
CoCSoft Stream Down Stack Overflow
Added: 01/10/2012 CVE: CVE-2011-5052 BID: 51190 OSVDB: 78043 Background CoCSoft Stream Down is a streaming media download tool. Problem The CoCSoft Stream Down HTTP client implementation in version 6.8 and prior does not properly validate HTTP responses. This vulnerability may allow an attacker t...
CoCSoft Stream Down Stack Overflow
Added: 01/10/2012 CVE: CVE-2011-5052 BID: 51190 OSVDB: 78043 Background CoCSoft Stream Down is a streaming media download tool. Problem The CoCSoft Stream Down HTTP client implementation in version 6.8 and prior does not properly validate HTTP responses. This vulnerability may allow an attacker t...