DenyAll WAF < 6.3.0 - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "DenyAll Web Application Firewall Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of DenyAll We...

Alienvault OSSIM av-centerd 4.7.0 - (get_log_line) Command Injection Exploit

Exploit for linux platform in category remote exploits require 'msf/core' require 'rexml/document' class MetasploitModule 'Alienvault OSSIM av-centerd Command Injection getlogline', 'Description' = %q This module exploits a command injection flaw found in the getlogline function found within...

Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure (Metasploit)

Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure Metasploit require 'msf/core' class MetasploitModule 'Carel Pl@ntVisor Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in Carel Pl@ntVisor 'james fitts' , 'License' =...

Infinite Automation Mango Automation - Command Injection (Metasploit)

require 'msf/core' class MetasploitModule 'Infinite Automation Mango Automation Command Injection', 'Description' = %q This module exploits a command injection vulnerability found in Infinite Automation Systems Mango Automation v2.5.0 - 2.6.0 beta builds prior to 430. , 'Author' = 'james fitts' ,...

Trend Micro Control Manager - ImportFile Directory Traversal Remote Code Execution (Metasploit)

Trend Micro Control Manager - ImportFile Directory Traversal Remote Code Execution Metasploit require 'msf/core' require 'msf/core/exploit/phpexe' class MetasploitModule 'Trend Micro Control Manager importFile Directory Traversal RCE', 'Description' = %q This module exploits a directory traversal...

Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure Exploit

Exploit for windows platform in category web applications require 'msf/core' class MetasploitModule 'Carel email protected Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in Carel email protected 'james fitts' , 'License' = MSFLICENSE,...

Alienvault OSSIM av-centerd Util.pm sync_rserver - Command Execution Exploit

Exploit for linux platform in category remote exploits require 'msf/core' class MetasploitModule 'Alienvault OSSIM av-centerd Util.pm syncrserver Command Execution', 'Description' = %q This module exploits a command injection vulnerability found within the syncrserver function in Util.pm. The...

Advantech SUSIAccess 3.0 - Directory Traversal Information Disclosure (Metasploit)

Advantech SUSIAccess 3.0 - Directory Traversal Information Disclosure Metasploit require 'msf/core' class MetasploitModule 'Advantech SUSIAccess Server Directory Traversal Information Disclosure', 'Description' = %q This module exploits an information disclosure vulnerability found in Advantech...

Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure Exploit

Exploit for jsp platform in category web applications require 'msf/core' class MetasploitModule 'Advantech SUSIAccess Server Directory Traversal Information Disclosure', 'Description' = %q This module exploits an information disclosure vulnerability found in Advantech SUSIAccess 'james fitts' ,...

Advantech SUSIAccess &lt; 3.0 - Directory Traversal / Information Disclosure (Metasploit)

require 'msf/core' class MetasploitModule 'Advantech SUSIAccess Server Directory Traversal Information Disclosure', 'Description' = %q This module exploits an information disclosure vulnerability found in Advantech SUSIAccess 'james fitts' , 'License' = MSFLICENSE, 'References' = 'CVE', '2016-934...

CVE-2017-2589

It was discovered that the hawtio servlet uses a single HttpClient instance to proxy requests with a persistent cookie store cookies are stored locally and are not passed between the client and the end URL which means all clients using that proxy are sharing the same cookies...

Sonicwall 8.1.0.2-14sv - sitecustomization.cgi Command Injection (Metasploit)

Sonicwall 8.1.0.2-14sv - sitecustomization.cgi Command Injection Metasploit Exploit Title: Sonicwall importlogo/sitecustomization CGI Remote Command Injection Vulnerablity Date: 12/25/2016 Exploit Author: xort @ Critical Start Vendor Homepage: www.sonicwall.com Software Link:...

Insecure Hostname Verification Defaults

httpclient has insecure hostname verification defaults. If a X509HostnameVerifier is not provided, httpclient would default to having no hostname verification...

Netgear DGN2200 - dnslookup.cgi Command Injection Exploit

Exploit for cgi platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/http' require "base64" class MetasploitModule "Netgear DGN2200 dnslookup.cgi Command Injection",...

IPFire proxy.cgi RCE

IPFire, a free linux based open source firewall distribution, version 'IPFire proxy.cgi RCE', 'Description' = %q IPFire, a free linux based open source firewall distribution, version 'h00die ', module '0x09AL' discovery , 'References' = 'CVE', '2017-9757' , 'EDB', '42149' , 'License' = MSFLICENSE...

Octopus Deploy - (Authenticated) Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'json' class MetasploitModule 'Octopus Deploy Authenticated Code Execution', 'Description' = %q This module can be used to...

Octopus Deploy Authenticated Code Execution Exploit

This Metasploit module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is executed as a powershell script step on the Octopus Deploy server during a deployment. This module requires Metasploit: http://metasploit.com/download Current...

WePresent WiPG-1000 Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version 2.0.0.7 was confirmed vulnerable, 2.2.3.0 patched this vulnerability. This module requires Metasploit: http://metasploit.com/download Curre...

AlienVault USM/OSSIM 5.3.4 / 5.3.5 Remote Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'AlienVault USM/OSSIM API Command Execution', 'Description' = %q This module exploits an unauthenticated command injection in...

jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name

It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...