13 matches found
Cambium CnPilot R200/r201 Login Scanner And Config Dump
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cambium cnPilot r200/r201 Login Scanner and Config Dump', 'Description' = % This module scans for Cambium cnPilot r200/r201 management login...
HTTP Client Automatic Exploiter 2 (Browser Autopwn)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "HTTP Client Automatic Exploiter 2 Browser Autopwn", 'Description' = %q This module will automatically serve browser exploits. Here are the option...
OpenMediaVault rpc.php Authenticated Cron Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenMediaVault rpc.php Authenticated Cron Remote Code Execution', 'Description' = %q OpenMediaVault allows an authenticated user to create cron...
CVE-2024-24919
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. Recent assessments: remmons-r7 at May 30...
PT-2021-23636
ParsedReport CompletenessLow 07-10-2025 Crimson Collective: A New Threat Group Observed Operating in the Cloud https://www.rapid7.com/blog/post/tr-crimson-collective-a-new-threat-group-observed-operating-in-the-cloud Report completeness: Low Actors/Campaigns: Crimson collective Threats: Truffleho...
Cambium cnPilot r200/r201 Login Scanner and Config Dump
This module scans for Cambium cnPilot r200/r201 management login portals, attempts to identify valid credentials, and dump device configuration. The device has at least two 2 users - admin and user. Due to an access control vulnerability, it is possible for 'user' account to access full device...
Metasploit Web UI Static secret_key_base Value
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule NullSerializer @serializer = options:serializer || Marshal end def encryptandsignvalue...
GNU Wget FTP Symlink Arbitrary Filesystem Access
This module exploits a vulnerability in Wget when used in recursive -r mode with a FTP server as a destination. A symlink is used to allow arbitrary writes to the target's filesystem. To specify content for the file, use the "file:/path" syntax for the TARGETDATA option. Tested successfully with...
Supermicro Onboard IPMI close_window.cgi Buffer Overflow
This module exploits a buffer overflow on the Supermicro Onboard IPMI controller web interface. The vulnerability exists on the closewindow.cgi CGI application, and is due to the insecure usage of strcpy. In order to get a session, the module will execute system from libc with an arbitrary CMD...
Supermicro Onboard IPMI Static SSL Certificate Scanner
This module checks for a static SSL certificate shipped with Supermicro Onboard IPMI controllers. An attacker with access to the publicly-available firmware can perform man-in-the-middle attacks and offline decryption of communication to the controller. This module has been on a Supermicro Onboar...
NAS4Free Arbitrary Remote Code Execution
NAS4Free allows an authenticated user to post PHP code to a special HTTP script and have the code executed remotely. This module was successfully tested against NAS4Free version 9.1.0.1.804. Earlier builds are likely to be vulnerable as well. This module requires Metasploit:...
MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution
This module exploits the MiniUPnP 1.0 SOAP stack buffer overflow vulnerability present in the SOAPAction HTTP header handling. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MiniUPnPd 1.0 Stac...
Mutiny 5 Arbitrary File Upload
This module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with roo...