6 matches found
Ghostscript Failed Restore Command Execution Exploit
This Metasploit module exploits a -dSAFER bypass in Ghostscript to execute arbitrary commands by handling a failed restore grestore in PostScript to disable LockSafetyParams and avoid invalidaccess. This vulnerability is reachable via libraries such as ImageMagick, and this module provides the...
Netgear DGN2200 - dnslookup.cgi Command Injection Exploit
Exploit for cgi platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/http' require "base64" class MetasploitModule "Netgear DGN2200 dnslookup.cgi Command Injection",...
Netgear DGN2200 dnslookup.cgi Command Injection
This module exploits a command injection vulnerablity in NETGEAR DGN2200v1/v2/v3/v4 routers by sending a specially crafted post request with valid login details. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require...
Jenkins Domain Credential Recovery
This module will collect Jenkins domain credentials, and uses the script console to decrypt each password if anonymous permission is allowed. It has been tested against Jenkins version 1.590, 1.633, and 1.638. This module requires Metasploit: https://metasploit.com/download Current source:...
GNU Bash - Environment Variable Command Injection (Metasploit)
require 'msf/core' class Metasploit3 'bashedCgi', 'Description' = %q Quick & dirty module to send the BASH exploit payload CVE-2014-6271 to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command. , 'Author' = 'Stephane Chazelas', vuln discovery 'Shaun Colley '...
STUNSHELL Web Shell Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...