Immunity Canvas: SPECIAL_LNK

Name| speciallnk ---|--- CVE| CVE-2017-8464 Exploit Pack| CANVAS Description| speciallnk Notes| References: 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464', 'http://paper.seebug.org/357/', 'http://www.vxjump.net/files/vulnanalysis/cve-2017-8464.txt' CVE Name:...

Immunity Canvas: SAMBA_IS_KNOWN_PIPENAME

Name| sambaisknownpipename ---|--- CVE| CVE-2017-7494 Exploit Pack| CANVAS Description| SAMBA 4.x remote exploit Notes| References: https://www.samba.org/samba/security/CVE-2017-7494.html CVE Name: CVE-2017-7494 VENDOR: Samba Notes: In order to use this exploit you need: Write access to a SAMBA...

Immunity Canvas: JBOSSMQ_HTTPIL_DESERIALIZATION

Name| jbossmqhttpildeserialization ---|--- CVE| CVE-2017-7504 Exploit Pack| CANVAS Description| jbossjavadeserializationrce Notes| CVE Name: CVE-2017-7504 VENDOR: Red Hat NOTES: HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the JbossMQ implementation, which is enabled by default i...

Immunity Canvas: SOLARIS_RPC_LIBNSL

Name| solarisrpclibnsl ---|--- CVE| CVE-2017-3623 Exploit Pack| CANVAS Description| Solaris libnsl RPC - Remote Heap Overflow Notes| References: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html CVE Name: CVE-2017-3623 VENDOR: Oracle Repeatability: Unlimited Date public:...

Immunity Canvas: IIS6_PROPFIND

Name| iis6propfind ---|--- CVE| CVE-2017-7269 Exploit Pack| CANVAS Description| IIS 6.0 PROPFIND ScStoragePathFromUrl Stack Buffer Overflow Notes| References: 'https://vulners.com/cve/CVE-2017-7269', 'https://github.com/edwardz246003/IISexploit' CVE Name: CVE-2017-7269 VENDOR: Microsoft...

Immunity Canvas: LINUX_SCREEN

Name| linuxscreen ---|--- CVE| CVE-2017-5618 Exploit Pack| CANVAS Description| GNU Screen v4.5.0 local privilege escalation Notes| CVE Name: CVE-2017-5618 VENDOR: GNU Notes: Tested on: Ubuntu 16.10 x64 Ubuntu 16.04 LTS x64 Ubuntu 14.10 LTS x64 Ubuntu 14.04 LTS x32 Repeatability: Infinite...

Immunity Canvas: ETERNALBLUE

Name| ETERNALBLUE ---|--- CVE| CVE-2017-0143 Exploit Pack| CANVAS Description| ETERNALBLUE Notes| CVE Name: CVE-2017-0143 VENDOR: Microsoft NOTES: Due to the complexity of the bug, this exploit will never be 100% reliable. Please READ THE EXPLOIT SOURCE for more information and notes...

Immunity Canvas: MS17_010

Name| ms17010 ---|--- CVE| CVE-2017-0143, CVE-2017-0146 Exploit Pack| CANVAS Description| MS17-010 Notes| CVE Name: CVE-2017-0143, CVE-2017-0146 VENDOR: Microsoft NOTES: https://github.com/worawit/MS17-010 https://www.crowdstrike.com/blog/badrabbit-ms17-010-exploitation-part-one-leak-and-control/...

Immunity Canvas: STRUTS_OGNL

Name| strutsognl ---|--- CVE| CVE-2017-5638 Exploit Pack| CANVAS Description| strutsognl Notes| CVE Name: CVE-2017-5638 VENDOR: Apache NOTES: The JAR Server will listen on the port provided in the UI. However, if that port is unavailable, a random one will be chosen. Example vulnerable applicatio...

Immunity Canvas: MAGENTO_SET_PAY_INFO

Name| magentosetpayinfo ---|--- CVE| CVE-2016-4010 Exploit Pack| CANVAS Description| Magento unauthenticated unserialize 2.0.6 Notes| Repeatability: Infinite VENDOR: Magento CVE Url: https://vulners.com/cve/CVE-2016-4010 CVE Name: CVE-2016-4010...

Immunity Canvas: MAGENTO_SET_PAYMENT_INFO

Name| magentosetpaymentinfo ---|--- CVE| CVE-2016-4010 Exploit Pack| CANVAS Description| Magento unauthenticated unserialize 2.0.6 Notes| Repeatability: Infinite VENDOR: Magento CVE Url: https://vulners.com/cve/CVE-2016-4010 CVE Name: CVE-2016-4010...

Immunity Canvas: APPORT_CRASH_HANDLER

Name| apportcrashhandler ---|--- CVE| CVE-2016-9949 Exploit Pack| CANVAS Description| Ubuntu Apport Crash Handler RCE Notes| CVE Name: CVE-2016-9949 Vendor: Ubuntu Notes: This module creates a crafted Apport crash file report that seems to be a simple text file. When the text file is double click...

Immunity Canvas: OVERLAYFS

Name| overlayfs ---|--- CVE| CVE-2015-1328 Exploit Pack| CANVAS Description| Ubuntu Overlayfs local privilege escalation Notes| CVE Name: CVE-2015-1328 VENDOR: Ubuntu Notes: This is a local privilege escalation for Ubuntu affecting 12.04, 14.04, 14.10, and 15.04. Currently supporting: - 14.04 -...

Immunity Canvas: LINUX_FOLL_WRITE_COW

Name| linuxfollwritecow ---|--- CVE| CVE-2016-5195 Exploit Pack| CANVAS Description| Linux Kernel FOLLWRITE gup COW local privilege escalation Notes| Repeatability: Multiple Times Notes: Tested on: - RedHat 7 - Ubuntu 14 - Ubuntu 16 VENDOR: Linux CVE Url: https://vulners.com/cve/CVE-2016-5195...

Immunity Canvas: MS16_135

Name| ms16135 ---|--- CVE| CVE-2016-0099 Exploit Pack| CANVAS Description| MS16-135 SetWindowLongPtr Vulnerability Notes| CVE Name: CVE-2016-0099 VENDOR: Microsoft Notes: The vulnerable and now patched function is actually xxxNextWindow, but since Google mentioned SetWindowLongPtr in their releas...

Immunity Canvas: MS16_111

Name| ms16111 ---|--- CVE| CVE-2016-3371 Exploit Pack| CANVAS Description| MS16-111 Registry Hive Hijack Notes| CVE Name: CVE-2016-3371 VENDOR: Microsoft Notes: Tested against: Windows 10 x64 EN both Chinese and English usernames - SUCCESSFUL EOP Windows XP x86 - EXECUTABLE DOES NOT RUN Windows 7...

Immunity Canvas: CISCO_SNMP_OID

Name| ciscosnmpoid ---|--- CVE| CVE-2016-6366 Exploit Pack| CANVAS Description| CISCO SNMP OID mem corruption Notes| Repeatability: Multiple Times Notes: python exploits/remote/cisco/ciscosnmpoid/ciscosnmpoid.py -t ip -p port -O community:community -O version:0/1 0 = disable password auth 1 =...

Immunity Canvas: STRUTS2_DMI_RCE

Name| struts2dmirce ---|--- CVE| CVE-2016-3081 Exploit Pack| CANVAS Description| struts2dmirce Notes| CVE Name: CVE-2016-3081 VENDOR: Apache NOTES: The JAR Server will listen on the port provided in the UI. However, if that port is unavailable, a random one will be chosen. Example vulnerable...

Immunity Canvas: JENKINS_JRMP_DESERIALIZATION

Name| jenkinsjrmpdeserialization ---|--- CVE| CVE-2016-0788 Exploit Pack| CANVAS Description| jenkinsjrmpdeserialization Notes| CVE Name: CVE-2016-0788 VENDOR: Jenkins NOTES: Versions tested: Ubuntu Linux 14.04.3 Jenkins 1.598 - 6 / 7 / 8 Jenkins 1.649 - 7 / 8 Windows 7 Ultimate SP1 Jenkins 1.598...

Immunity Canvas: RAILS_ACTIONPACK_RENDER

Name| railsactionpackrender ---|--- CVE| CVE-2016-2098 Exploit Pack| CANVAS Description| railsactionpackrender Notes| CVE Name: CVE-2016-2098 VENDOR: http://rubyonrails.org Notes: This vulnerability affects ActionPack gem and it allows remote attackers to execute arbitrary Ruby Code due to the...

Immunity Canvas: CVE_2016_1757

Name| CVE20161757 ---|--- CVE| CVE-2016-1757 Exploit Pack| CANVAS Description| Shellelevate: CVE-2016-1757 Notes| Repeatability: Multiple Times NOTES: VENDOR: Apple CVE Url: https://vulners.com/cve/CVE-2016-1757 CVE Name: CVE-2016-1757...

Immunity Canvas: MS16_032

Name| ms16032 ---|--- CVE| CVE-2016-0099 Exploit Pack| CANVAS Description| MS16-032 Seclogon Thread Handle Leak Notes| CVE Name: CVE-2016-0099 VENDOR: Microsoft Notes: Our exploit module is really two modules: 1 An exploit, based off of Google Project Zero's post by James Foreshaw. It is extremel...

Immunity Canvas: MS16_006_SILVERLIGHT

Name| ms16006silverlight ---|--- CVE| CVE-2016-0034 Exploit Pack| CANVAS Description| ms16006silverlight Notes| CVE Name: CVE-2016-0034 VENDOR: Microsoft Notes: This module exploits a mishandling of negative offsets during a decoding. This situation could be exploited to overwrite with controlled...

Immunity Canvas: OVERLAYFS_SETATTR

Name| overlayfssetattr ---|--- CVE| CVE-2015-8660 Exploit Pack| CANVAS Description| Ubuntu Overlayfs setattr local privilege escalation Notes| Repeatability: Multiple Times Notes: This is a local privilege escalation affecting kernels lower than 4.3.3. Tested on: - Ubuntu 15.10 VENDOR: Ubuntu CVE...

Immunity Canvas: VREALIZE_VCOFACTORY_DESERIALIZE

Name| vrealizevcofactorydeserialize ---|--- CVE| CVE-2015-6934 Exploit Pack| CANVAS Description| vrealizevcofactorydeserialize Notes| CVE Name: CVE-2015-6934 VENDOR: VMWare NOTES: IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0 WILL NOT WOR...

Immunity Canvas: JOOMLA_SESSION_UNSERIALIZE

Name| joomlasessionunserialize ---|--- CVE| CVE-2015-8562 Exploit Pack| CANVAS Description| Joomla session unserialize 1.5 to 3.4.5 Notes| Repeatability: Infinite VENDOR: Joomla CVE Url: https://vulners.com/cve/CVE-2015-8562 CVE Name: CVE-2015-8562...

Immunity Canvas: JENKINS_CLI_DESERIALIZATION

Name| jenkinsclideserialization ---|--- CVE| CVE-2015-8103 Exploit Pack| CANVAS Description| jenkinsclideserialization Notes| CVE Name: CVE-2015-8103 VENDOR: Jenkins NOTES: IMPORTANT NOTE: Any instance of this application running Apache Commons Collections version prior to 3.0 WILL NOT WORK...

Immunity Canvas: VBULLETIN_PREAUTH_DECODEARGUMENTS

Name| vbulletinpreauthdecodeArguments ---|--- CVE| CVE-2015-7808 Exploit Pack| CANVAS Description| vBulletin pre-auth remote code execution Notes| CVE Name: CVE-2015-7808 VENDOR: vBulletin Solutions NOTES: Tested on Ubuntu 14.04 against: - vBulletin 5.1.4 - vBulletin 5.0.4 Repeatability: Infinite...

Immunity Canvas: OSX_RSH_LIBMALLOC

Name| osxrshlibmalloc ---|--- CVE| CVE-2015-5889 Exploit Pack| CANVAS Description| OS X rsh/libmalloc local privilege escalation Notes| Repeatability: Multiple Times Notes: Exploit should work on many different versions of MacOS X 64bit, but it has been specifically tested on: - 10.10.3 - 10.10.1...

Immunity Canvas: MS15_102

Name| ms15102 ---|--- CVE| CVE-2015-2525 Exploit Pack| CANVAS Description| Windows Task Arbitrary File Deletion Notes| Repeatability: Infinite Notes: This module exploits a vulnerability on the Task Scheduler Service schedsvc.dll. When a scheduled task is created with the DeleteExpiredTaskAfter...

Immunity Canvas: MS15_100

Name| ms15100 ---|--- CVE| CVE-2015-2509 Exploit Pack| CANVAS Description| ms15100 Notes| References: https://technet.microsoft.com/library/security/ms15-100 CVE Name: CVE-2015-2509 VENDOR: Microsoft NOTES: Tested on: Windows 7 SP132 bits Windows 7 SP164 bits Use port 80 as the server port Window...

Immunity Canvas: OSX_DYLD_PRINT_TO_FILE

Name| osxdyldprinttofile ---|--- CVE| CVE-2015-3760 Exploit Pack| CANVAS Description| OS X DYLDPRINTTOFILE local privilege escalation Notes| Repeatability: Multiple Times Notes: Tested on: - 10.10.3 VENDOR: Apple CVE Url: https://vulners.com/cve/CVE-2015-3760 CVE Name: CVE-2015-3760...

Immunity Canvas: ADOBE_FLASH_ID3

Name| adobeflashid3 ---|--- CVE| CVE-2015-5560 Exploit Pack| CANVAS Description| adobeflashid3 Notes| CVE Name: CVE-2015-5560 VENDOR: Adobe Notes: This module exploits a mishandling of large integers during the decoding of an ID3 tag. This situation leads to an integer overflow that eventually...

Immunity Canvas: FIREFOX_PDFJS_FILEREADER

Name| firefoxpdfjsfilereader ---|--- CVE| CVE-2015-4495 Exploit Pack| CANVAS Description| firefoxpdfjsfilereader Notes| CVE Name: CVE-2015-4495 VENDOR: Mozilla NOTES: Tested on: Ubuntu 14.04.3 LTS Firefox 39.0 Under the Response tab of ClientD main window, the option "Respond directly with exploi...

Immunity Canvas: ATMFD_POOL_BUFFER_UNDERFLOW

Name| atmfdpoolbufferunderflow ---|--- CVE| CVE-2015-2387 Exploit Pack| CANVAS Description| ATMFD.dll Pool Buffer Underflow Notes| Repeatability: Infinite Notes: This module exploits a vulnerability on the Adobe Type Manager Font Driver ATMFD.DLL. While processing a font data there exists a buffe...

Immunity Canvas: ADOBE_FLASH_VALUEOF

Name| adobeflashvalueof ---|--- CVE| CVE-2015-5119 Exploit Pack| CANVAS Description| adobeflashvalueof Notes| CVE Name: CVE-2015-5119 VENDOR: Adobe Notes: Tested on: - Windows 7 x86/x64 IE32/64 8, 9, 11 This module exploits a use after free vulnerability on Adobe Flash Player. When you have a...

Immunity Canvas: OSX_ROOTPIPE2

Name| osxrootpipe2 ---|--- CVE| CVE-2015-3673 Exploit Pack| CANVAS Description| OS X XPC Admin Framework rootpipe 2 local privilege escalation Notes| CVE Name: CVE-2015-3673 VENDOR: Apple Notes: Rootpipe 2 for Mac OS X 10.10.3 Repeatability: Multiple Times References:...

Immunity Canvas: PROFTPD_MOD_COPY

Name| proftpdmodcopy ---|--- CVE| CVE-2015-3306 Exploit Pack| CANVAS Description| ProFTPd 1.3.5 Remote File Copy Notes| CVE Name: CVE-2015-3306 VENDOR: NOTES: This exploit abuses the commands of the modcopy module in ProFTPd version=1.3.5. The SITE CPFR/CPTO commands can be used by unauthenticate...

Immunity Canvas: MS15_051

Name| ms15051 ---|--- CVE| CVE-2015-1701 Exploit Pack| CANVAS Description| win32k.sys bServerSideWindowProc flag logic issue Notes| Repeatability: Infinite Notes: This module exploits a vulnerability on the win32k.sys driver. The bServerSideWindowProc flag on the window's handle structure is mean...

Immunity Canvas: ROOTPIPE

Name| rootpipe ---|--- CVE| CVE-2015-1130 Exploit Pack| CANVAS Description| OS X XPC Admin Framework rootpipe local privilege escalation Notes| CVE Name: CVE-2015-1130 VENDOR: Apple Notes: This is a local privilege escalation affecting all Mac OS X versions from 10.7 up to 10.10.2. We provide bot...

Immunity Canvas: LNK_EXEC

Name| lnkexec ---|--- CVE| CVE-2015-0096 Exploit Pack| CANVAS Description| lnkexec Notes| References: https://technet.microsoft.com/library/security/ms15-020 CVE Name: CVE-2015-0096 VENDOR: Microsoft NOTES: Tested on: - Windows 7 32bit - Internet Explorer 8 a popup will appear if Protected Mode...

Immunity Canvas: ELASTICSEARCH_CVE_2015_1427

Name| elasticsearchCVE20151427 ---|--- CVE| CVE-2015-1427 Exploit Pack| CANVAS Description| elasticsearchCVE-2015-1427 Notes| CVE Name: CVE-2015-1427 VENDOR: elastic Notes: Elasticsearch versions 1.3.x before 1.3.8 and 1.4.x before 1.4.3 have dynamic scripting features enabled by default using...

Immunity Canvas: ADOBE_FLASH_DOMAINMEMORY_UAF

Name| adobeflashdomainMemoryuaf ---|--- CVE| CVE-2015-0313 Exploit Pack| CANVAS Description| adobeflashdomainMemoryuaf Notes| CVE Name: CVE-2015-0313 VENDOR: Adobe Notes: This module exploits a use-after free vulnerability on the Flash handling of the ApplicationDomain.currentDomain.domainMemory...

Immunity Canvas: CVE_2014_9222

Name| CVE20149222 ---|--- CVE| CVE-2014-9222 Exploit Pack| CANVAS Description| CVE-2014-9222 Misfortune Cookie Notes| CVE Name: CVE-2014-9222 VENDOR: Alegro Notes: This module exploits the arbitrary memory overwrite vulnerability in RomPager embedded web-server, which was originally introduced by...

Immunity Canvas: MS14_068

Name| ms14068 ---|--- CVE| CVE-2014-6324 Exploit Pack| CANVAS Description| Kerberos Checksum Vulnerability Notes| CVE Name: CVE-2014-6324 VENDOR: Microsoft MSADV: MS14-068 Repeatability: Note: Please refer to the Microsoft URLs to know exactly the conditions for when this vulnerability is...

Immunity Canvas: MS14_064_IE_OLEAUT32

Name| ms14064ieoleaut32 ---|--- CVE| CVE-2014-6332 Exploit Pack| CANVAS Description| MS14064 - Windows OLE Automation Array Remote Code Execution Vulnerability Notes| CVE Name: CVE-2014-6332 VENDOR: Microsoft NOTES: References:...

Immunity Canvas: MS14_070

Name| ms14070 ---|--- CVE| CVE-2014-4076 Exploit Pack| CANVAS Description| ms14070 Notes| References: https://technet.microsoft.com/en-us/library/security/ms14-070.aspx CVE Name: CVE-2014-4076 VENDOR: Microsoft NOTES: Tested on: - Windows 2003 Standard Edition x86 SP2 English Usage: Win32/MOSDEF$...

Immunity Canvas: CITRIX_NETSCALER_SOAP

Name| citrixnetscalersoap ---|--- CVE| CVE-2014-7140 Exploit Pack| CANVAS Description| Citrix Netscaler 10.1 Soap exploit Notes| FoundBy: Console Cowboys Notes: A vulnerability exists in the SOAP handler of the web interface. A SOAP request can be crafted to trigger a memory corruption flaw,...

Immunity Canvas: DRUPAL_NAME_SQLI_CALLBACK

Name| drupalnamesqlicallback ---|--- CVE| CVE-2014-3704 Exploit Pack| CANVAS Description| Drupal injection exploit Notes| CVE Name: CVE-2014-3704 VENDOR: drupal.org Notes: This exploit tries to open a php callback to canvas by injecting php code in Drupal's login block through the database sql...

Immunity Canvas: DRUPAL_NAME_SQLI

Name| drupalnamesqli ---|--- CVE| CVE-2014-3704 Exploit Pack| CANVAS Description| Drupal injection exploit Notes| CVE Name: CVE-2014-3704 VENDOR: drupal.org Notes: This exploit replaces the password of 'Drupal User' with 'Drupal Password'. If uid is specified, 'Drupal User' is ignored...