130 matches found
HP Intelligent Management BIMS DownloadServlet Directory Traversal
This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Description: This module exploits a lack of authentication and a...
HP Intelligent Management SOM FileDownloadServlet Arbitrary Download
This module exploits a lack of authentication and acces...
Novell Groupwise Agents HTTP Directory Traversal
This module exploits a directory traversal vulnerability in Novell Groupwis...
HP Intelligent Management FaultDownloadServlet Directory Traversal
This module exploits a lack of authentication and a...
HP Intelligent Management ReportImgServlt Directory Traversal
This module exploits a lack of authentication and a directory...
HP Intelligent Management SOM Account Creation
This module exploits a lack of authentication and access control in HP...
Ahsay Backup v7.x-v8.1.1.50 (authenticated) file upload
This module exploits an authenticated insecure file upload and code execution flaw in Ahsay Backup v7.x - v8.1.1.50. To successfully execute the upload, credentials are needed; by default, trial accounts are enabled on Ahsay Backup, so an account can be created. It can be exploited in Windows and Linux...
Microsoft Windows 2003 SP2 - RRAS SMB Remote Code Execution
#!/usr/bin/env python # -*- coding: utf-8 -*- Tested in Windows Server 2003 SP2 ES - Only works when RRAS service is enabled. The exploited vulnerability is an arbitrary pointer dereference affecting the dwVarID field of the MIB_OPAQUE_QUERY...
Microsoft Windows 2003 SP2 ERRATICGOPHER SMB Remote Code Execution
#!/usr/bin/env python # -*- coding: utf-8 -*- By Victor Portal vportal for educational purpose only. This exploit is the Python version of the ErraticGopher exploit, probably with some modifications. ErraticGopher exploits a memory corruption (seems to be a heap overflow) in the Windows DCE-RPC Call...
Windows 2k3 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070) Exploit
Exploit for Windows platform in category local exploits. Exploit Title: Windows 2k3 SP2 TCP/IP IOCTL Privilege Escalation (MS14-070); Date: 2015-08-10; Exploit Author: Tomislav Paskalev; Vulnerable Software: Windows 2003 SP2 x86, Windows 2003 SP2 x86-64, Windows 2003 SP2 IA-64; Supported vulnerable...
Microsoft Windows Shell LNK Code Execution
This module exploits a vulnerability in the MS10-046 patch to once again abuse the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This creates an SMB resource to provide the payload and the trigger, and generates a LNK file which must be sent to the...
Microsoft Windows Shell SMB LNK Code Execution Exploit
This Metasploit module exploits a vulnerability in the MS10-046 patch to once again abuse the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This creates an SMB resource to provide the payload and the trigger, and generates a LNK file which must be...
Microsoft Windows Shell LNK Code Execution
This module exploits a vulnerability in the MS10-046 patch to once again abuse the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This module creates the required files to exploit the vulnerability. They must be uploaded to a UNC path accessible by...
HP Client Automation Command Injection
This module exploits a command injection vulnerability in HP Client Automation, currently distributed as Persistent Systems Client Automation. The vulnerability exists in the Notify Daemon (radexecd.exe), which doesn't authenticate execution requests by default. This module has been tested...
Lexmark MarkVision Enterprise - Arbitrary File Upload (Metasploit)
This module exploits a code execution flaw in Lexmark...
Lexmark MarkVision Enterprise Arbitrary File Upload
This module exploits a code execution flaw in Lexmark MarkVision Enterprise before version 2.1. A directory traversal vulnerability in the GfdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This module has been tested...
Elipse E3 - HTTP Denial of Service
// Exploit Http DoS Request for SCADA ATTACK Elipse 3 // Mauro Risonho de Paula Assumpção aka firebits // 29-10-2013 11:42 // Vendor Homepage: http://www.elipse.com.br/port/index.aspx // Software Link: http://www.elipse.com.br/port/e3.aspx // Version: 3.x and prior //...
Elipse E3 HTTP Denial of Service Exploit
Exploit for Windows platform in category dos / poc. // Exploit Http DoS Request for SCADA ATTACK Elipse 3 // Mauro Risonho de Paula Assumpção aka firebits // 29-10-2013 11:42 // Vendor Homepage: http://www.elipse.com.br/port/index.aspx // Software Link:...
Windows TrackPopupMenu Win32k NULL Pointer Dereference
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/reflectivedllinjection' require 'rex' class Metasploit3 'Windows TrackPopupMenu Win32k NULL Pointer Dereference',...
Windows TrackPopupMenu Win32k NULL Pointer Dereference
This module exploits a NULL pointer dereference in win32k.sys; the vulnerability can be triggered through the use of TrackPopupMenu. Under special conditions, the NULL pointer dereference can be abused on xxxSendMessageTimeout to achieve arbitrary code execution. This module has been tested...