BYOB Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sqlite3' class MetasploitModule 'BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection CVE-2024-45256, CVE-2024-45257', 'Description' = %q Thi...

Microsoft Windows TOCTOU Local Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Kernel Time of Check Time of Use LPE in AuthzBasepCopyoutInternalSecurityAttributes', 'Description' = %q CVE-2024-30088 is a Windows Kern...

F5 BIG-IP Backend Cookie Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP Backend Cookie Disclosure', 'Description' = %q This module identifies F5 BIG-IP load balancers and leaks backend information pool name,...

WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GiveWP Unauthenticated Donation Process Exploit', 'Description' = %q The GiveWP Donation Plugin and Fundraising Platform plugin for WordPress in...

WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution Exploit

The GiveWP Donation plugin and Fundraising Platform plugin for WordPress in all versions up to and including 3.14.1 is vulnerable to a PHP object injection POI flaw granting an unauthenticated attacker arbitrary code execution. This module requires Metasploit: https://metasploit.com/download...

Ray Agent Job Remote Code Execution Exploit

This Metasploit modules demonstrates remote code execution in Ray via the agent job submission endpoint. This is intended functionality as Ray's main purpose is executing arbitrary workloads. By default Ray has no authentication. This module requires Metasploit: https://metasploit.com/download...

Ray Agent Job RCE

RCE in Ray via the agent job submission endpoint. This is intended functionality as Ray's main purpose is executing arbitrary workloads. By default Ray has no authentication. Module Options msf use exploit/linux/http/rayagentjobrce msf exploitrayagentjobrce show targets ...targets... msf...

Calibre Python Code Injection (CVE-2024-6782)

This module exploits a Python code injection vulnerability in the Content Server component of Calibre v6.9.0 - v7.15.0. Once enabled disabled by default, it will listen in its default configuration on all network interfaces on TCP port 8080 for incoming traffic, and does not require any...

Zyxel IKE Packet Decoder - Unauthenticated Remote Code Execution (Metasploit)

Exploit Title: Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution Date: 2023-03-31 Exploit Author: sf Vendor Homepage: https://www.zyxel.com/ Software Link: https://www.zyxel.com/ Version: ATP Firmware version 4.60 to 5.35 inclusive, USG FLEX Firmware version 4.60 to 5.35 inclusive, V...

Gibbon School Platform 26.0.00 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gibbon School Platform Authenticated PHP Deserialization Vulnerability', 'Description' = %q A Remote Code Execution vulnerability in Gibbon onlin...

WatchGuard XTM Firebox Unauthenticated Remote Command Execution Exploit

This Metasploit module exploits a buffer overflow at the administration interface 8080 or 4117 of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This...

Artica Proxy Unauthenticated PHP Deserialization Exploit

A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and...

Saltstack Minion Payload Deployer

This exploit module uses saltstack salt to deploy a payload and run it on all targets which have been selected default all. Currently only works against nix targets. Module Options msf use exploit/linux/local/saltstacksaltminiondeployer msf exploitsaltstacksaltminiondeployer show targets...

Microsoft Error Reporting Local Privilege Elevation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Error Reporting Local Privilege Elevation Vulnerability', 'Description' = %q This module takes advantage of a bug in the way Windows...

Windows Common Log File System Driver (clfs.sys) Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Common Log File System Driver clfs.sys Elevation of Privilege Vulnerability', 'Description' = %q A privilege escalation vulnerability...

LG Simple Editor Remote Code Execution Exploit

This Metasploit module exploits broken access control and directory traversal vulnerabilities in LG Simple Editor software for gaining code execution. The vulnerabilities exist in versions of LG Simple Editor prior to v3.21. By exploiting this flaw, an attacker can upload and execute a malicious...

SolarView Compact 6.00 Remote Command Execution Exploit

This Metasploit module exploits a command injection vulnerability on the SolarView Compact version 6.00 web application via the vulnerable endpoint downloader.php. After exploitation, an attacker will have full access with the same user privileges under which the webserver is running typically as...

Apache NiFi H2 Connection String Remote Code Execution Exploit

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. This exploit will result in several shells 5-7. Successfully test...

RaspAP 2.8.7 Unauthenticated Command Injection Exploit

RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running...

Rudder Server SQLI Remote Code Execution

This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform CDP. The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may le...