CVE-2026-48064 pam_usb: PAM_RHOST check skipped when deny_remote=false allows XDMCP authentication bypass

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with denyremote=false in pamusb commonly done for display managers such as gdm-password or lightdm to bypass process/TTY heuristics for local sessions, the PAMRHOST...

KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow

Exploit Title: KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow Exploit Author: DEFCESCO Austin A. DeFrancesco Vendor Homepage: https://github.com/cyd01/KiTTY/= Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip Version: ≤...

Exploit for Server-Side Request Forgery in Microsoft

ProxyLogon-CVE-2021-26855-metasploit CVE-2021-26855 proxyLogon...

Rejetto HttpFileServer 2.3.x - Remote Command Execution (3)

Exploit Title: Rejetto HttpFileServer 2.3.x - Remote Command Execution 3 Google Dork: intext:"httpfileserver 2.3" Date: 28-11-2020 Remote: Yes Exploit Author: Óscar Andreu Vendor Homepage: http://rejetto.com/ Software Link: http://sourceforge.net/projects/hfs/ Version: 2.3.x Tested on: Windows...

Kong Gateway Admin API Remote Code Execution

frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Kong Gateway Admin API Remote Code Execution', 'Description' = ' This module uses the Kong admin API to create a route...

VyOS Configuration Importer

This module imports a VyOS device configuration. Module Options msf use auxiliary/admin/networking/vyosconfig msf auxiliaryvyosconfig show actions ...actions... msf auxiliaryvyosconfig set ACTION msf auxiliaryvyosconfig show options ...show and set options... msf auxiliaryvyosconfig run This modu...

Arista Configuration Importer

This module imports an Arista device configuration. Module Options msf use auxiliary/admin/networking/aristaconfig msf auxiliaryaristaconfig show actions ...actions... msf auxiliaryaristaconfig set ACTION msf auxiliaryaristaconfig show options ...show and set options... msf auxiliaryaristaconfig...

Brocade Configuration Importer

This module imports a Brocade device configuration. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Brocade Configuration Importer', 'Description' = %q This module imports a Brocade device...

Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle WebLogic wls-wsat Component Deserialization RCE', 'Description' = %q The Oracle WebLogic WLS WSAT Component is vulnerable to a XML...

nje-pass-brute NSE Script

z/OS JES Network Job Entry NJE 'I record' password brute forcer. After successfully negotiating an OPEN connection request, NJE requires sending, what IBM calls, an 'I record'. This initialization record may sometimes require a password. This script, provided with a valid OHOST/RHOST for the NJE...

Witbe - Remote Code Execution

Witbe - Remote Code Execution !/usr/bin/python Exploit Title: Witbe RCE Remote Code Execution Exploit Author: BeLmar Date: 05/10/2016 DEMO : https://youtu.be/ooUFXfUfIs0 Contact : [email protected] Vendor Homepage: http://www.witbe.net Tested on: Windows7/10 & BackBox Category: Remote Exploits...

nje-node-brute NSE Script

z/OS JES Network Job Entry NJE target node name brute force. NJE node communication is made up of an OHOST and an RHOST. Both fields must be present when conducting the handshake. This script attemtps to determine the target systems NJE node name. To initiate NJE the client sends a 33 byte record...

BSD x64 Command Shell, Reverse TCP Inline

Connect back to attacker and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 81 include Msf::Payload::Single include Msf::Payload::Bsd include...

Kolibri-WebServer-2.0-GET

Exploit Title : Kolibri WebServer 2.0 Get Request SEH Exploit Exploit Author : Revin Hadi S Date : 14/07/2014 Vendor : http://www.senkas.com Version : 2.0 import socket, sys help = """Kolibri WebServer 2.0 Get Request SEH Exploit Target 1Windows XP SP2 Eng & Windows 2003 SP2 Eng 2Windows 7 SP1 En...

SAP ConfigServlet Remote Unauthenticated Payload Execution

No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit Rank = GreatRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStagerVBS def initializeinfo = superupdateinfoinfo, 'Name' = 'SAP ConfigServlet Remote Code Execution', 'Description' = %q Thi...

HP JetDirect PJL Query Execution

No description provided by source. Exploit Title: HP JetDirect PJL Query Execution Date: Aug 7, 2011 Author: Myo Soe YGN Ethical Hacker Group - http://yehg.net/ Software Link: http://www.hp.com Version: All Tested on: HP LaserJet Pxxxx Series $Id: $ This file is part of the Metasploit Framework a...

qdPM 7 - Arbitrary File upload

Exploit qdPM v.7 Arbitrary File upload Date: June 13th 2012 Author: loneferret Version: 7 Vendor Url: http://qdpm.net/ Tested on: Winddows XP / XAMPP Discovered by: loneferret Software description: Free project management tool for small team qdPM is a free web-based project management tool suitab...

TFTP Server 1.4 - ST 'RRQ' Remote Buffer Overflow

!/usr/bin/python --------------------------------------------------------------------------- Exploit: TFTP SERVER V1.4 ST RRQ Overflow OS: Windows XP PRO SP3 Author: b33f --------------------------------------------------------------------------- Smashing the stack for fun and practise... This tf...

RealVNC 4.1 Authentication Bypass

No description provided by source. $Id: realvnc41bypass.rb 13641 2011-08-26 04:40:21Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...

Check for rlogin, rsh, rcp tools and configuration

Check for rlogin, rsh, rcp tools and configuration Lists /etc/inetd.conf, /etc/hosts.equiv, /etc/ftpusers, searches for .rhost, .netrc, rlogind and rshd SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...