Citrix Access Gateway Command Execution

$Id: citrixaccessgatewayexec.rb 11873 2011-03-03 20:51:12Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

SAP Management Console getStartProfile

This module simply attempts to access the SAP startup profile through the SAP Management Console SOAP Interface. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Management Console...

Redmine SCM Repository Arbitrary Command Execution

$Id: redminescmexec.rb 11414 2010-12-25 14:43:13Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Redmine SCM Repository Arbitrary Command Execution

This module exploits an arbitrary command execution vulnerability in the Redmine repository controller. The flaw is triggered when a rev parameter is passed to the command line of the SCM tool without adequate filtering. This module requires Metasploit: https://metasploit.com/download Current...

ColdFusion 8.0.1 - Arbitrary File Upload / Execution (Metasploit)

$Id: coldfusionfckeditor.rb 11127 2010-11-24 19:35:38Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

SAP BusinessObjects Web User Bruteforcer

This module simply attempts to bruteforce SAP BusinessObjects users by using CmcApp. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP BusinessObjects Web User Bruteforcer', 'Description' =...

SAP BusinessObjects User Enumeration

This module simply attempts to enumerate SAP BusinessObjects users. The dswsbobje interface is only used to verify valid users for CmcApp. Therefore, any valid users that have been identified can be leveraged by logging into CmcApp. This module requires Metasploit: https://metasploit.com/download...

ColdFusion 8.0.1 Arbitrary File Upload And Execute

$Id: coldfusionfckeditor.rb 10874 2010-11-02 23:51:17Z mc $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Linksys WRT54 Access Point - 'apply.cgi' Remote Buffer Overflow (Metasploit)

$Id: linksysapplycgi.rb 10457 2010-09-24 16:55:38Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...

Lotus Domino Password Hash Collector

Get users passwords hashes from names.nsf page This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lotus Domino Password Hash Collector', 'Description' = 'Get users passwords hashes from names.nsf...

Microsoft IIS - WebDAV Write Access Code Execution (Metasploit)

$Id: iiswebdavuploadasp.rb 10397 2010-09-20 15:59:46Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Integard Home and Pro 2 - Remote HTTP Buffer Overflow

class Metasploit3 'Integard Home/Pro version 2.0', 'Description' = %q Exploit for Integard HTTP Server, vulnerability discovered by Lincoln , 'Author' = 'Lincoln', 'Nullthreat', 'rick2600', 'corelanc0d3r' , 'License' = MSFLICENSE, 'Version' = '$Revision: $', 'References' =...

Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability

This module exploits an authentication bypass vulnerability in login.php in order to execute arbitrary code via a command injection vulnerability in propertybox.php. This module was tested against Oracle Secure Backup version 10.3.0.1.0 Win32. This module requires Metasploit:...

TWiki History TWikiUsers - 'rev' Command Execution (Metasploit)

$Id: twikihistory.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

The Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit)

$Id: guestbookssiexec.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Command Stager Web Test

$Id: cmdweb.rb 8518 2010-02-16 16:38:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ requir...

Alt-N WebAdmin - USER Buffer Overflow (Metasploit)

$Id: altnwebadmin.rb 8498 2010-02-15 00:48:03Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

Apache mod_rewrite - LDAP protocol Buffer Overflow (Metasploit)

$Id: apachemodrewriteldap.rb 8498 2010-02-15 00:48:03Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Microsoft IIS WebDAV Write Access Code Execution

$Id: iiswebdavuploadasp.rb 8413 2010-02-08 19:12:59Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Microsoft IIS WebDAV Write Access Code Execution

This module can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script via a WebDAV PUT request. The target IIS machine must meet these conditions to be considered as exploitable: It allows 'Script resource access', Read and Wri...