Immunity Canvas: SMBGHOST_LPE

Name| smbghostlpe
---|---
CVE| CVE-2020-0796
Exploit Pack| CANVAS
Description| smbghostlpe
Notes| CVE Name: CVE-2020-0796 Notes: Tested: - Windows 10 1903 x64 - Windows 10 1909 x64 VENDOR: Microsoft CVE Url: https://nvd.nist.gov/vuln/detail/CVE-2020-0796 CVSS: 10.0...

Immunity Canvas: SMBGHOST

Name| SMBGHOST
---|---
CVE| CVE-2020-0796-1
Exploit Pack| CANVAS
Description| SMBGHOST
Notes| CVE Name: CVE-2020-0796 VENDOR: Microsoft NOTES: some notes here VersionsAffected: VERSIONS Repeatability: None References:...

Immunity Canvas: OWA_RCE

Name| owarce
---|---
CVE| CVE-2020-0688
Exploit Pack| CANVAS
Description| owarce
Notes| CVE Name: CVE-2020-0688 VENDOR: Microsoft NOTES: This exploit has been tested on Microsoft Exchange Server 2016 CU 15 VersionsAffected: VERSIONS Repeatability: Infinite References:...

Immunity Canvas: SSRS_VIEWSTATE_RCE

Name| ssrsviewstaterce
---|---
CVE| CVE-2020-0618
Exploit Pack| CANVAS
Description| ssrsviewstaterce
Notes| CVE Name: CVE-2020-0618 VENDOR: Microsoft NOTES: This exploit has been tested on SQL Server 2016 VersionsAffected: VERSIONS Repeatability: Infinite References:...

Immunity Canvas: ZABBIX

Name| zabbix
---|---
CVE| CVE-2013-3628
Exploit Pack| CANVAS
Description| Zabbix = 2.0.8 PHP File inclusion exploit
Notes| Repeatability: Infinite VENDOR: Zabbix CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-3628 CVE Name: CVE-2013-3628...

Immunity Canvas: NETSCALER_TRAVERSAL_RCE

Name| netscalertraversalrce
---|---
CVE| CVE-2019-19781
Exploit Pack| CANVAS
Description| netscalertraversalrce
Notes| CVE Name: CVE-2019-19781 VENDOR: Citrix NOTES: This version of the module will take care of all our artifacts and will report them just to be safe in case something went wrong...

Immunity Canvas: RCONFIG_AJAXSERVER_RCE

Name| rconfigajaxserverrce
---|---
CVE| CVE-2019-16662
Exploit Pack| CANVAS
Description| rconfigajaxserverrce
Notes| CVE Name: CVE-2019-16662 VENDOR: rConfig NOTES: The current exploit initializes a tcp server to serve the mosdef callback port 8080 IMPORTANT: In the path textfield you need the pa...

Immunity Canvas: ERROR_REPORTING_LPE

Name| errorreportinglpe
---|---
CVE| CVE-2019-1315
Exploit Pack| CANVAS
Description| Windows Error Reporting Manager arbitrary file move LPE
Notes| CVE Name: CVE-2019-1315 Notes: Repeatability: Once IMPORTANT: This Local Privilege Escalation exploit module only works without internet connection Th...

Immunity Canvas: VBULLETIN_WIDGET_RCE

Name| vbulletinwidgetrce
---|---
CVE| CVE-2019-16759
Exploit Pack| CANVAS
Description| RCE via widgetConfigcode parameter in vBulletin
Notes| CVE Name: CVE-2019-16759 VENDOR: vBulletin NOTES: An unauthenticated code execution bug can be exploited on the vBulletin core for the following versions:...

Immunity Canvas: ALPC_APPXEDGE_LPE

Name| alpcappxedgelpe
---|---
CVE| CVE-2019-1253
Exploit Pack| CANVAS
Description| ALPC Appx Edge LPE
Notes| CVE Name: CVE-2019-1253 Notes: Affected versions: Windows 10 1703 x64 Windows 10 1703 x86 Windows 10 1709 x64 Windows 10 1709 x86 Windows 10 1803 x64 Windows 10 1803 x86 Windows 10 1809 x6...

Immunity Canvas: EXIM_EXPANSION_RCE

Name| eximexpansionrce
---|---
CVE| CVE-2019-10149
Exploit Pack| CANVAS
Description| eximexpansionrce
Notes| CVE Name: CVE-2019-10149 VENDOR: Exim NOTES: A vulnerability exists in Exim since version 4.85 that allows for the execution of remote commands as the root user on a system. Current versio...

Immunity Canvas: BLUEKEEP

Name| BLUEKEEP
---|---
CVE| CVE-2019-0708
Exploit Pack| CANVAS
Description| BLUEKEEP - Remote command execution RDP
Notes| CVE Name: CVE-2019-0708 VENDOR: Microsoft NOTES: -- IMPORTANT -- The module is currently in beta stage. If you do not select "Allow remote code execution" from the module's...

Immunity Canvas: SNAPD_UID_OVERWRITE

Name| snapduidoverwrite
---|---
CVE| CVE-2019-7304
Exploit Pack| CANVAS
Description| snapduidoverwrite
Notes| CVE Name: CVE-2019-7304 VENDOR: snapd team NOTES: The snapd service runs as a REST API using a Unix Domain Socket; it is possible to send requests when the uid is 0 root, the vulnerability i...

Immunity Canvas: DDE_CLOSEHANDLE_LPE

Name| ddeclosehandlelpe
---|---
CVE| CVE-2019-0803
Exploit Pack| CANVAS
Description| ddeclosehandlelpe
Notes| CVE Name: CVE-2019-0803 Notes: Tested: - Windows 7 x64 - Windows 10 x64 1703 VENDOR: Microsoft CVE Url: https://nvd.nist.gov/vuln/detail/CVE-2019-0803 CVSS: 7.8...

Immunity Canvas: ALPC_TAKEOVER_LPE

Name| alpctakeoverlpe
---|---
CVE| CVE-2019-0841
Exploit Pack| CANVAS
Description| ALPC Takeover LPE
Notes| CVE Name: CVE-2019-0841 NOTES: Works with Medium Integrity Level Tested: - Windows 10 1703 x64 - Windows 10 1709 x64 - Windows 10 1803 x86, x64 - Windows 10 1809 x86, x64 VENDOR: Microsoft...

Immunity Canvas: MENU_CONFUSION_LPE

Name| menuconfusionlpe
---|---
CVE| CVE-2019-0859
Exploit Pack| CANVAS
Description| Menu Confusion LPE
Notes| CVE Name: CVE-2019-0859 Notes: Tested: - Windows 7 x64 - Windows 8.1 x64 Untested: - Windows 10 x64 1607 It should work on Windows 10 x64 1607 version but it is untested VENDOR: Microsoft...

Immunity Canvas: RAILS_ACCEPT_READFILE

Name| railsacceptreadfile
---|---
CVE| CVE-2019-5418
Exploit Pack| CANVAS
Description| Ruby on Rails Arbitrary File Read CVE-2019-5418
Notes| CVE Name: CVE-2019-5418 VENDOR: Rails NOTES: The vulnerability resides in Action View in combination with calls to 'render file:' in a controller. You need...

Immunity Canvas: RAILS_ACTIVESTORAGE_RCE

Name| railsactivestoragerce
---|---
CVE| CVE-2019-5420
Exploit Pack| CANVAS
Description| Ruby on Rails Arbitrary Deserialization RCE CVE-2019-5420
Notes| CVE Name: CVE-2019-5420 VENDOR: Rails NOTES: The vulnerability resides in the ActionStorage component of Ruby on Rails due to insufficient...

Immunity Canvas: CONFLUENCE_MACRO_LFI

Name| confluencemacrolfi
---|---
CVE| CVE-2019-3396
Exploit Pack| CANVAS
Description| Confluence Server and Data Center - LFI CVE-2019-3396
Notes| Repeatability: NOTES: A Default behavior =================== By default, this module attempts to automatically locate and then fetch the confluence...

Immunity Canvas: JENKINS_CHECKSCRIPT_RCE

Name| jenkinscheckscriptrce
---|---
CVE| CVE-2019-1003029
Exploit Pack| CANVAS
Description| RCE on Jenkins checkScript
Notes| CVE Name: CVE-2019-1003029 CVE-2019-1003005 CVE-2018-1000861 VENDOR: Jenkins NOTES: Groovy Plugin supports sandboxed Groovy expressions for its 'System Groovy'...

Immunity Canvas: DESTROYCLASS_UAF_LPE

Name| destroyclassuaflpe
---|---
CVE| CVE-2019-0623
Exploit Pack| CANVAS
Description| DestroyClass UAF LPE
Notes| CVE Name: CVE-2019-0623 Notes: Tested: - Windows 7 x64 VENDOR: Microsoft CVE Url: https://nvd.nist.gov/vuln/detail/CVE-2019-0623 CVSS: 10.0...

Immunity Canvas: DRUPAL_SERVICES_RCE

Name| drupalservicesrce
---|---
CVE| CVE-2019-6340
Exploit Pack| CANVAS
Description| CVE-2019-6340
Notes| CVE Name: CVE-2019-6340 VENDOR: Drupal NOTES: An unauthenticated unserialization bug can be exploited on the RESTful Web Services module on the Drupal core for the following versions: 7.X...

Immunity Canvas: ADOBE_FLASH_METADATA_UAF

Name| adobeflashmetadatauaf
---|---
CVE| CVE-2018-15982
Exploit Pack| CANVAS
Description| adobeflashmetadatauaf
Notes| CVE Name: CVE-2018-15982 VENDOR: Adobe NOTES: In the package com.adobe.tvsdk.mediacore.metadata the setObject method does not set a reference to the key String Object so if we...

Immunity Canvas: JQUERY_FILE_UPLOAD

Name| jqueryfileupload
---|---
CVE| CVE-2018-9206
Exploit Pack| CANVAS
Description| Blueimp jQuery-File-Upload Arbitrary Upload
Notes| CVE Name: CVE-2018-9206 VENDOR: Notes: The exploit tests different paths on the target server Repeatability: Infinite References:...

Immunity Canvas: SETWINDOWFNID_LPE

Name| setwindowfnidlpe
---|---
CVE| CVE-2018-8453
Exploit Pack| CANVAS
Description| SetWindowFNID LPE
Notes| CVE Name: CVE-2018-8453 Notes: Tested: - Windows 10 x64 1703 - Windows 10 x64 1709 VENDOR: Microsoft CVE Url: https://nvd.nist.gov/vuln/detail/CVE-2018-8453 CVSS: 7.8...

Immunity Canvas: DMESG_LEAK

Name| dmesgleak
---|---
CVE| CVE-2018-14656
Exploit Pack| CANVAS
Description| dmesgleak
Notes| CVE Name: CVE-2018-14656 NOTES: This module gives an unprivileged user the ability to dump a file from the kernel memory. A common scenario is to dump the /etc/shadow or kerberos tickets. Note: This on...

Immunity Canvas: COLDFUSION_RCE

Name| coldfusionrce
---|---
CVE| CVE-2018-15957
Exploit Pack| CANVAS
Description| CVE-2018-15957
Notes| CVE Name: CVE-2018-15957 VENDOR: Oracle NOTES: This exploit will work against ColdFusion 2018 update 1, ColdFusion 2016 = update 6 and ColdFusion 11 = update 14. Repeatability: Infinite...

Immunity Canvas: ALPC_TASKSCHED_LPE

Name| alpctaskschedlpe
---|---
CVE| CVE-2018-8440
Exploit Pack| CANVAS
Description| ALPC Tasksched LPE
Notes| CVE Name: CVE-2018-8440 Notes: WARNING: The PrintConfig.dll on the target host will be overwritten when the exploit runs. Tested: Windows 10 1703 x64 Windows 10 1803 x86 VENDOR: Microsoft...

Immunity Canvas: UNMARSHAL_TO_SYSTEM

Name| unmarshaltosystem
---|---
CVE| CVE-2018-0824
Exploit Pack| CANVAS
Description| CVE-2018-0824 QC Marshal Interceptor Insecure COM Unmarshal LPE
Notes| CVE Name: CVE-2018-0824 VENDOR: Microsoft Notes: Tested against: --------------- Windows 7 x86 - NOT VULNERABLE Windows Server 2016 - NOT...

Immunity Canvas: SSH_ENUM

Name| sshenum
---|---
CVE| CVE-2018-15473
Exploit Pack| CANVAS
Description| sshenum
Notes| CVE Name: CVE-2018-15473 VENDOR: The OpenBSD Project NOTES: Module will use different techniques in order to enumerate users on target hosts As for the file containing usernames, they should be one per line...

Immunity Canvas: SHOW_TIMER_LEAK

Name| showtimerleak
---|---
CVE| CVE-2017-18344
Exploit Pack| CANVAS
Description| showtimerleak
Notes| CVE Name: CVE-2017-18344 NOTES: This module gives an unprivileged user the ability to dump a file from the kernel memory. A common scenario is to dump the /etc/shadow or kerberos tickets. Note:...

Immunity Canvas: WLS_CORE_DESERIALIZATION

Name| wlscoredeserialization
---|---
CVE| CVE-2018-2893
Exploit Pack| CANVAS
Description| wlscoredeserialization
Notes| CVE Name: CVE-2018-2893 VENDOR: Oracle NOTES: Tested on WebLogic 10.3.6.0 and 12.2.1.2 with JDK 1.7.X. Vulnerability in the Oracle WebLogic Server component of Oracle Fusion...

Immunity Canvas: SETIMEINFOEX_LPE

Name| setimeinfoexlpe
---|---
CVE| CVE-2018-8120
Exploit Pack| CANVAS
Description| SetImeInfoEx LPE
Notes| CVE Name: CVE-2018-8120 Notes: Tested: Windows 7 x64 Windows 7 x86 Windows Vista x86 Windows 2008 R2 x64 VENDOR: Microsoft CVE Url: https://nvd.nist.gov/vuln/detail/CVE-2018-8120 CVSS: 7.0...

Immunity Canvas: NTFS3G_MODPROBE

Name| ntfs3gmodprobe
---|---
CVE| CVE-2017-0358
Exploit Pack| CANVAS
Description| ntfs-3g local privilege escalation
Notes| CVE Name: CVE-2017-0358 VENDOR: GNU Notes: Tested and working on: Debian 8.8 jessie 64 bits Linux 3.16.0-4-amd64 1 SMP Debian 3.16.43-2+deb8u2 2017-06-26 x8664 GNU/Linux...

Immunity Canvas: IDRAC_APPWEB_RCE

Name| idracappwebrce
---|---
CVE| CVE-2018-1207
Exploit Pack| CANVAS
Description| iDrac8 WebApp RCE
Notes| CVE Name: CVE-2018-1207 NOTES: This module exploits a CGI Injection vulnerability in iDRAC8 in order to achieve Remote Code Execution. We upload a shared library that we can then invoke with...

Immunity Canvas: HP_IMC_RCE

Name| hpimcrce
---|---
CVE| CVE-2017-5816
Exploit Pack| CANVAS
Description| HP iMC Plat 7.2 dbman Code Execution Linux
Notes| References: http://www.zerodayinitiative.com/advisories/ZDI-17-340/ Repeatability: Infinite VENDOR: Hewlett Packard CVE Url:...

Immunity Canvas: HPE_ILO4_ADDNEWADMIN

Name| hpeilo4addNewAdmin
---|---
CVE| CVE-2017-12542
Exploit Pack| CANVAS
Description| HPE iLO 4 - AddNewAdmin
Notes| CVE Name: CVE-2017-12542 VENDOR: Hewlett Packard Enterprise Changelog: Notes: Vulnerable versions: HPE iLO 4 2.53 References:...

Immunity Canvas: EXIM_HEAP_OVERFLOW

Name| eximheapoverflow
---|---
CVE| CVE-2018-6789
Exploit Pack| CANVAS
Description| eximheapoverflow
Notes| CVE Name: CVE-2018-6789 VENDOR: Exim NOTES: There is a buffer overflow in the b64decode function, this bug exists since the first commit of exim, hence ALL versions are affected. This explo...

Immunity Canvas: JENKINS_XSTREAM_RCE

Name| jenkinsxstreamrce
---|---
CVE| CVE-2017-2068
Exploit Pack| CANVAS
Description| jenkinsxstreamrce
Notes| CVE Name: CVE-2017-2068 VENDOR: Jenkins NOTES: XStream-based APIs in Jenkins CI previous to version 2.44 are vulnerable to a remote code execution vulnerability involving the...

Immunity Canvas: SPECTRE_SAM_LEAK

Name| spectresamleak
---|---
CVE| CVE-2017-5753-1
Exploit Pack| CANVAS
Description| Spectre Sam Leak
Notes| CVE Name: CVE-2017-5753 Notes: The final version should also handle Windows 2016 and 10. In fact the backend is perfectly working on Windows 2016 but libwincreds is not able to deal with...

Immunity Canvas: SPECTRE_FILE_LEAK

Name| spectrefileleak
---|---
CVE| CVE-2017-5753
Exploit Pack| CANVAS
Description| Spectre File Leak
Notes| CVE Name: CVE-2017-5753 Notes: This module gives an unprivileged user the ability to dump a file from the kernel memory. A common scenario is to dump the /etc/shadow or kerberos tickets...

Immunity Canvas: GOAHEAD_ENV_RCE

Name| goaheadenvrce
---|---
CVE| CVE-2017-17562
Exploit Pack| CANVAS
Description| GoAhead 3.6.5 Remote Code Exec
Notes| References: https://www.elttam.com.au/blog/goahead/ Repeatability: Unlimited VENDOR: EmbedThis Software CVE Url: https://nvd.nist.gov/vuln/detail/CVE-2017-17562 CVE Name:...

Immunity Canvas: COUCHDB_ROLES

Name| couchdbroles
---|---
CVE| CVE-2017-12635
Exploit Pack| CANVAS
Description| Apache CouchDB Authentication Bypass RCE
Notes| CVE Name: CVE-2017-12635 VENDOR: http://couchdb.apache.org/ Notes: 12/8/2017 Windows 10 / CouchDB 2.0.0 - Exploit created Ubuntu 14.04 / CouchDB 1.5.0 - Exploit created...

Immunity Canvas: WPUSERPRO_RCE

Name| wpuserprorce
---|---
CVE| CVE-2017-16562
Exploit Pack| CANVAS
Description| Wordpress Remote Command Execution Through UserPro Plugin login bypass
Notes| References: https://www.exploit-db.com/exploits/43117/ Repeatability: Infinite VENDOR: UserPro Plugin CVE Url:...

Immunity Canvas: JBOSS6_JMXINVOKERSERVLET_DESERIALIZE

Name| jboss6jmxinvokerservletdeserialize
---|---
CVE| CVE-2015-7501
Exploit Pack| CANVAS
Description| jboss6jmxinvokerservletdeserialize
Notes| CVE Name: CVE-2015-7501 VENDOR: Red Hat NOTES: IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0...

Immunity Canvas: WEBLOGIC_T3_DESERIALIZATION

Name| weblogict3deserialization
---|---
CVE| CVE-2015-4852
Exploit Pack| CANVAS
Description| weblogict3deserialization
Notes| CVE Name: CVE-2015-4852 VENDOR: Oracle NOTES: IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0 WILL NOT WORK...

Immunity Canvas: TOMCAT_FILE_UPLOAD

Name| tomcatfileupload
---|---
CVE| CVE-2017-12615
Exploit Pack| CANVAS
Description| Tomcat - Arbitrary File Upload CVE-2017-12615
Notes| Repeatability: VENDOR: Apache CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12615 CVE Name: CVE-2017-12615...

Immunity Canvas: EMACS_ENRICHED

Name| emacsenriched
---|---
CVE| CVE-2017-14482
Exploit Pack| CANVAS
Description| Emacs Enriched Mime-type Handler Arbitrary ELISP Execution
Notes| CVE Name: CVE-2017-14482 VENDOR: https://www.gnu.org/software/emacs/ Notes: Either email this to someone using the GNUS email client or convince them...

Immunity Canvas: OFFICE_WSDL

Name| officewsdl
---|---
CVE| CVE-2017-8759, CVE-2017-8570
Exploit Pack| CANVAS
Description| Microsoft Office Moniker/WSDL C Injection
Notes| CVE Name: CVE-2017-8759, CVE-2017-8570 VENDOR: https://office.com Notes: Send the resulting document to someone and have them open it. If the target is...

Immunity Canvas: BRIGHTMAIL_RESTORE

Name| brightmailrestore
---|---
CVE| CVE-2017-6327
Exploit Pack| CANVAS
Description| Symantec Brightmail Pre-Auth Command Injection
Notes| CVE Name: CVE-2017-6327 VENDOR: http://symantec.com Notes: Tested on: Symantec Messaging Gateway 10.6.3 Appliance SPECIAL: on SMG versions = 10.6.3, our...