907 matches found
ZEN Load Balancer Filelog Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "ZEN Load Balancer...
E-Mail Security Virtual Appliance learn-msg.cgi Command Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "E-Mail Security...
Zenoss 3 showDaemonXMLConfig Command Execution
This module exploits a command execution vulnerability in Zenoss 3.x which could be abused to allow authenticated users to execute arbitrary code under the context of the 'zenoss' user. The showdaemonxmlconfigs function in the 'ZenossInfo.py' script calls Popen with user controlled data from the...
SAP Management Console GetProcessList
This module attempts to list SAP processes through the SAP Management Console SOAP Interface This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Management Console GetProcessList', 'Description...
EGallery PHP File Upload Vulnerability
Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Umbraco CMS Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Umbraco CMS Remote Command Execution'...
Atlassian Crowd XML Entity Expansion Remote File Access
This module simply attempts to read a remote file from the server using a vulnerability in the way Atlassian Crowd handles XML files. The vulnerability occurs while trying to expand external entities with the SYSTEM identifier. This module has been tested successfully on Linux and Windows...
WordPress Plugin Foxypress - 'Uploadify.php' Arbitrary Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'WordPress plugin Foxypress...
WeBid - 'converter.php' Remote PHP Code Injection (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'WeBid converter.php Remote PHP Code...
WebCalendar 1.2.4 Pre-Auth Remote Code Injection
Exploit for linux platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution
Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...
Sockso Music Host Server 1.5 Directory Traversal
This module exploits a directory traversal bug in Sockso on port 4444. This is done by using "../" in the path to retrieve a file on a vulnerable machine. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
LotusCMS 3.0 eval() Remote Command Execution
Exploit for php platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
VMWare Enumerate Permissions
This module will log into the Web API of VMWare and try to enumerate all the user/group permissions. Unlike enum users this is only users and groups that specifically have permissions defined within the VMware product This module requires Metasploit: https://metasploit.com/download Current source...
VMWare Web Login Scanner
This module attempts to authenticate to the VMWare HTTP service for VmWare Server, ESX, and ESXI This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMWare Web Login Scanner', 'Description' = 'This...
Yaws Web Server Directory Traversal
This module exploits a directory traversal bug in Yaws v1.9.1 or less. The module can only be used to retrieve files. However, code execution might be possible. Because when the malicious user sends a PUT request, a file is actually created, except no content is written. This module requires...
Family Connections less.php Remote Command Execution
Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
phpLDAPadmin 1.2.1.1 - Remote PHP Code Injection (Metasploit) (2)
$Id: phpldapadminqueryengine.rb 14060 2011-10-25 05:25:39Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Spreecommerce 0.60.1 Arbitrary Command Execution
$Id: spreesearchexec.rb 13831 2011-10-07 17:45:15Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability
$Id: osbunamejlist.rb 13591 2011-08-19 18:35:29Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...