HTTP Fetch, Reverse TCP Stager

Fetch and execute an ARMLE payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/http/armle/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

CVE-2024-1709

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. Recent assessments: sfewer-r7 at February 22, 2024 4:54pm UTC reported:...

CVE-2023-20273

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web...

CVE-2021-26295

Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz. Recent assessments: zeroSteiner at March 31, 2021 1:24pm UTC reported: This vulnerability is pretty straightforward to exploit. It is due to an...

Documalis Free PDF Editor 5.7.2.26 / Documalis Free PDF Scanner 5.7.2.122 Buffer Overflow Exploit

Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the us...

CVE-2020-13166

The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded the same for all customers’ installations in web.config, and can be used to send serialized ASP code. Recent assessments: wvu-r7 at May 21, 2020 5:50am UTC reported: Metasplo...

CoreFTP 2.0 Build 674 SIZE - Directory Traversal (Metasploit)

class MetasploitModule 'CVE-2019-9648 CoreFTP FTP Server Version 674 and below SIZE Directory Traversal', 'Description' = %qAn issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a .......

Android Janus APK Signature Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/payload/apk' class MetasploitModule "Android Janus APK Signature bypass", 'Description' = %q This module exploits CVE-2017-13156 in Android to install ...

ManageEngine EventLog Analyzer - Multiple Vulnerabilities (2)

Exploit for multiple platform in category web applications Multiple vulnerabilities in ManageEngine EventLog Analyzer Discovered by Pedro Ribeiro email protected, Agile Information Security ========================================================================== Disclosure: 05/11/2014 / Last...

Linux Kernel 4.4 (Ubuntu 16.04) - BPF Local Privilege Escalation (Metasploit)

Linux kernel versions 4.4 and above where CONFIGBPFSYSCALL and kernel.unprivilegedbpfdisabled sysctl is not set to 1 allow for BPF to be abused for privilege escalation. Ubuntu 16.04 has all of these conditions met. This module requires Metasploit: http://metasploit.com/download Current source:...

AppLocker Execution Prevention Bypass

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 'AppLocker Execution Prevention Bypass', 'Description' = %q This module will generate a .NET service executable on the target and utilise InstallUtil to...

ManageEngine EventLog Analyzer SQL / Credential Disclosure

ManageEngine EventLog Analyzer suffers from SQL information and credential disclosure vulnerabilities. This is the 6th part of the ManageOwnage series. For previous parts see 1. This time we have two 0 day vulns CVE-2014-6038 and 6039 that can be abused to dump information from the database and...

Android Open Source Platform (AOSP) Browser UXSS

This module exploits a Universal Cross-Site Scripting UXSS vulnerability present in all versions of Android's open source stock browser before 4.4, and Android apps running on 'Android Open Source Platform AOSP Browser UXSS', 'Description' = %q This module exploits a Universal Cross-Site Scriptin...

Sun Java Applet2ClassLoader - Remote Code Execution Exploit

No description provided by source. $Id: javacodebasetrust.rb 11983 2011-03-16 05:01:29Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow"

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

SkyBlueCanvas CMS Remote Code Execution Exploit

This Metasploit module exploits an arbitrary command execution vulnerability in SkyBlueCanvas CMS version 1.1 r248-03 and below. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3...

IcoFX - Local Stack Buffer Overflow (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'IcoFX Stack Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability in version 2.1 of...

Sun Java Web Start Double Quote Injection

======================================================== Java Web Start Double Quote Inject Remote Code Execution ======================================================== Date: Jun 12 2012 updated: Jun 6 2013 Author: Rh0 Version: At least Java 1.6.31 to 1.6.35 and 1.7.03 to 1.7.07 Tested on:...

Microsoft Internet Explorer 8 - Fixed Col Span ID (Full ASLR + DEP Bypass) (MS12-037)

Microsoft Internet Explorer 8 - Fixed Col Span ID Full ASLR + DEP Bypass MS12-037 function strtointstr return str.charCodeAt10x10000 + str.charCodeAt0; var free = "EEEE"; while free.length 500 free +=...

Internet Explorer 8 Fixed Col Span ID full ASLR & DEP bypass

Exploit for windows platform in category remote exploits function strtointstr return str.charCodeAt10x10000 + str.charCodeAt0; var free = "EEEE"; while free.length 500 free += free; var string1 = "AAAA"; while string1.length 500 string1 += string1; var string2 = "BBBB"; while string2.length 500...