17 matches found
WSO Arbitrary File Upload / Remote Code Execution Exploit
This Metasploit module abuses a vulnerability in certain WSO2 products that allows unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0,...
Log4Shell HTTP Header Injection
Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker-controlled LDAP and other JNDI-related endpoints. This module will exploit an HTTP endpoint with the Log4Shell vulnerability by...
Log4Shell HTTP Header Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Log4Shell HTTP Header Injection', 'Description' = %q Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in...
Atlassian Confluence Widget Connector Macro - Velocity Template Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Atlassian Confluence Widget Connector Macro Velocity Template Injection", 'Description' = %q Widget Connector Macro is part of Atlassian Confluen...
Atlassian Confluence Widget Connector Macro Velocity Template Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Atlassian Confluence Widget Connector Macro Velocity Template Injection", 'Description' = %q Widget Connector Macro is part of Atlassian Confluen...
Microsoft Power Point Java Payload Code Execution
Exploit Title: Microsoft Power Point Java Payload Code Execution Exploit Author: Fady Mohamed Osman @fadyosman Exploit-db : http://www.exploit-db.com/author/?a=2986 Demo Video : https://www.youtube.com/watch?v=DOJSUJK7hRo Video Tutorial : https://www.youtube.com/watch?v=Lih-iuXgEM Youtube Channel...
Microsoft Power Point 2016 - Java Code Execution Exploit
Exploit for windows platform in category local exploits Exploit Title: Microsoft Power Point Java Payload Code Execution Exploit Author: Fady Mohamed Osman @fadyosman Demo Video : https://www.youtube.com/watch?v=DOJSUJK7hRo Video Tutorial : https://www.youtube.com/watch?v=Lih-iuXgEM Youtube...
Atlassian HipChat for Jira Plugin Velocity Template Injection
Atlassian Hipchat is a web service for internal instant messaging. A plugin is available for Jira that allows team collaboration in real time. A message can be used to inject Java code into a Velocity template, and gain code execution as Jira. Authentication is required to exploit this...
Java Applet Rhino Script Engine Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
SoapUI 4.6.3 - Remote Code Execution
No description provided by source. Exploit Title: SoapUI Remote Code Execution Date: 25.12.13 Exploit Author: Barak Tawily Vendor Homepage: http://www.soapui.org/ http://www.soapui.org/ Software Link: http://www.soapui.org/Downloads/download-soapui-pro-trial.html...
BlackHole Toolkit v2 JAVA Payload Stage Code Execution (CVE-2012-0507; CVE-2012-1723; CVE-2013-0422; CVE-2013-0431; CVE-2013-1493)
BlackHole is a web exploit kit that operates by delivering a malicious payload to the victim's computer. Remote attackers can infect users with BlackHole by enticing them to visit a malicious web page. Successful infection will allow the attacker to download additional malware to the target...
Java Applet ProviderSkeleton Insecure Invoke Method
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false EXPLOITSTRING =...
Apple Safari file:// Arbitrary Code Execution
Exploit for macOS platform in category remote exploits $Id: safarifilepolicy.rb 13967 2011-10-17 03:49:49Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on...
Java RMI Server Insecure Default Configuration Java Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Java RMI Server Insecure Default...
Adobe ColdFusion - Directory Traversal
$Id: coldfusiontraversal.rb 11986 2011-03-16 10:15:54Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Sun Java Web Start BasicServiceImpl Remote Code Execution Exploit
$Id: javabasicserviceimpl.rb 10488 2010-09-26 23:55:03Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Adobe RoboHelp Server 8 Arbitrary File Upload and Execute
This module exploits an authentication bypass vulnerability which allows remote attackers to upload and execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule /Apache-Coyote/...