78 matches found
NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Default Configuration Load And Administrator Password Reset
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Default Configuration Load and Administrator Password Reset', 'Description' = %q The NVRmini 2...
D-Link I2eye Video Conference AutoAnswer (WDBRPC)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link i2eye Video Conference AutoAnswer WDBRPC', 'Description' = %q This module can be used to enable auto-answer mode for the D-Link i2eye vide...
NETGEAR ProSafe Network Management System 300 Authenticated File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NETGEAR ProSafe Network Management System 300 Authenticated File Download', 'Description' = %q Netgear's ProSafe NMS300 is a network management...
Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation
The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in multiple products. The Apache XML Security Java is affected by the vulnerability published in US-Cert VU 466161. See: http://www.kb.cert.org/vuls/id/466161 for more information. This bug can allow ...
Wago PFC200 - Authenticated Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Wago PFC200 - Authenticated Remote Code Execution Metasploit Exploit Author: Nico Jansen 0x483d Vendor Homepage: https://www.wago.com/ Version: 'Wago PFC200 authenticated remote code execution', 'Description' = %q The Wago...
Wago PFC200 - Authenticated Remote Code Execution (Metasploit)
Exploit Title: Wago PFC200 - Authenticated Remote Code Execution Metasploit Date: 2020-02-05 Exploit Author: Nico Jansen 0x483d Vendor Homepage: https://www.wago.com/ Version: 'Wago PFC200 authenticated remote code execution', 'Description' = %q The Wago PFC200 up to incl. Firmware 11 020835 is...
Transport Layer Security (TLS) Vulnerability
CERT Coordination Center CERT/CC has released information on a Transport Layer Security TLS vulnerability. Exploitation of this vulnerability could allow an attacker to access sensitive information. The TLS vulnerability is also known as Return of Bleichenbacher's Oracle Threat ROBOT. ROBOT allow...
dnaLIMS Admin Module Command Execution Exploit
Usage Info msf use exploit/linux/http/dnalimsadminexec msf exploitdnalimsadminexec show targets ...targets... msf exploitdnalimsadminexec set TARGET msf exploitdnalimsadminexec show options ...show and set options... msf exploitdnalimsadminexec exploit This module requires Metasploit:...
Centreon < 2.5.1 / Centreon Enterprise Server < 2.2 - SQL Injection / Command Injection Exploi
Exploit for linux platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Centreon SQL and Command Injection', 'Description' = %q This module...
dnaLIMS Admin Module Command Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'dnaLIMS Admin Module Command Execution', 'Description' = %q This module utilizes an administrative module which allows for...
dnaLIMS Admin Module Command Execution
This module utilizes an administrative module which allows for command execution. This page is completely unprotected from any authentication when given a POST request. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
Ektron 8.5 / 8.7 / 9.0 XSLT Transform Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Ektron 8.5, 8.7, 9.0 XSLT Transform Remote Code Execution', 'Description' = %q Ektron 8.5, 8.7 'catatonicprime' , 'License' =...
Netgear R7000 and R6400 cgi-bin Command Injection
This module exploits an arbitrary command injection vulnerability in Netgear R7000 and R6400 router firmware version 1.0.7.21.1.93 and possibly earlier. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Dlink DIR Routers - Unauthenticated HNAP Login Stack Buffer Overflow (Metasploit) Exploit
Exploit for hardware platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' Payload working status: MIPS: - all valid payloads working the ones that we are able to send...
D-Link DIR-Series Routers - HNAP Login Stack Buffer Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' Payload working status: MIPS: - all valid payloads working the ones that we are able to send without null bytes ARM: - inline rev/bind shell works...
NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution
The NVRmini 2 Network Video Recorder and the ReadyNAS Surveillance application are vulnerable to an unauthenticated remote code execution on the exposed web administration interface. This results in code execution as root in the NVRmini and the 'admin' user in ReadyNAS. This exploit has been test...
Bomgar Remote Support Unauthenticated Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Bomgar Remote Support Unauthenticated Code Execution', 'Description' = %q This module exploits a vulnerability in the Bomgar Remote...
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'NETGEAR ProSafe Network Management System 300 Arbitrary File Upload', 'Description' = %q Netgear's ProSafe NMS300 is a network...
NETGEAR ProSafe Network Management System 300 Authenticated File Download
Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. The application has a file download vulnerability that can be exploited by an authenticated remote attacker to download any file in the system. This module has been tested with versions 1.5.0.2, 1.4.0.17 and...
Huawei Datacard Information Disclosure Vulnerability
This module exploits an unauthenticated information disclosure vulnerability in Huawei SOHO routers. The module will gather information by accessing the /api pages where authentication is not required, allowing configuration changes as well as information disclosure, including any stored SMS. Thi...