914 matches found
IPFire proxy.cgi RCE
IPFire, a free linux based open source firewall distribution, version 'IPFire proxy.cgi RCE', 'Description' = %q IPFire, a free linux based open source firewall distribution, version 'h00die ', module '0x09AL' discovery , 'References' = 'CVE', '2017-9757' , 'EDB', '42149' , 'License' = MSFLICENSE...
Octopus Deploy - (Authenticated) Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'json' class MetasploitModule 'Octopus Deploy Authenticated Code Execution', 'Description' = %q This module can be used to...
Octopus Deploy Authenticated Code Execution Exploit
This Metasploit module can be used to execute a payload on an Octopus Deploy server given valid credentials or an API key. The payload is executed as a powershell script step on the Octopus Deploy server during a deployment. This module requires Metasploit: http://metasploit.com/download Current...
WePresent WiPG-1000 Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in an undocumented CGI file in several versions of the WePresent WiPG-1000 devices. Version 2.0.0.7 was confirmed vulnerable, 2.2.3.0 patched this vulnerability. This module requires Metasploit: http://metasploit.com/download Curre...
AlienVault USM/OSSIM 5.3.4 / 5.3.5 Remote Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'AlienVault USM/OSSIM API Command Execution', 'Description' = %q This module exploits an unauthenticated command injection in...
jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name
It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update
An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Nuxeo Platform 6.x / 7.x Shell Upload
Description Nuxeo Platform is a content management system for enterprises CMS. It embeds an Apache Tomcat server, and can be managed through a web interface. One of its features allows authenticated users to import files to the platform. By crafting the upload request with a specific X-File-Name...
Ruby on Rails 4.0.x / 4.1.x / 4.2.x (Web Console v2) - Whitelist Bypass Code Execution Exploit
Exploit for multiple platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ruby on Rails Web Console v2 Whitelist Bypass Code Execution',...
dnaLIMS Admin Module Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'dnaLIMS Admin Module Command Execution', 'Description' = %q This module utilizes an administrative module which allows for...
Kodi 17.0 Local File Inclusion Exploit
Usage Info msf use auxiliary/scanner/http/koditraversal msf auxiliarykoditraversal show actions ...actions... msf auxiliarykoditraversal set ACTION msf auxiliarykoditraversal show options ...show and set options... msf auxiliarykoditraversal run This module requires Metasploit:...
Netgear R7000 / R6400 cgi-bin Command Injection
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Netgear R7000 and R6400 cgi-bin Command Injection", 'Description' = %q This module exploits an arbitrary command injection...
Netgear R7000 / R6400 cgi-bin Command Injection Exploit
This Metasploit module exploits an arbitrary command injection vulnerability in Netgear R7000 and R6400 router firmware version 1.0.7.21.1.93 and possibly earlier. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework requir...
dnaLIMS Admin Module Command Execution
This module utilizes an administrative module which allows for command execution. This page is completely unprotected from any authentication when given a POST request. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
DokuWiki SSRF Security Bypass Vulnerability(CVE-2016-7964 )
I found a ssrf vulnerability in dokuwiki. The sendRequest method in HTTPClient ClassIn file: /inc/HTTPClient.php has no restrict to access private network, such as, 10.0.0.1/8, 172.16.0.0/12, 192.168.0.0/16. This allows user to scan port of internal network. For example, 1. edit any page in...
Kodi 17.0 Local File Inclusion Vulnerability
This module exploits a directory traversal flaw found in Kodi before 17.1. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kodi 17.0 Local File Inclusion Vulnerability', 'Description' = %q This...
Netgear R7000 and R6400 cgi-bin Command Injection
This module exploits an arbitrary command injection vulnerability in Netgear R7000 and R6400 router firmware version 1.0.7.21.1.93 and possibly earlier. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Geutebruck 5.02024 G-Cam/EFD-2250 - Remote Command Execution Exploit
Exploit for hardware platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Geutebruck testaction.cgi Remote Command Execution', 'Description' = %q...
AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q This module exploits object injection, authentication bypass an...
HP Helion Eucalyptus Multiple Vulnerabilities
HP Helion Eucalyptus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eucalyptus:eucalyptus"...