Metasploit • Most viewed

6849 matches found

Metasploit
• added 2013/11/10 10:8 p.m. • 56 views

Wordpress Scanner

Detects Wordpress Versions, Themes, Plugins, and Users This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Scanner', 'Description' = 'Detects Wordpress Versions, Themes, Plugins, and...

AI score 7.4
Exploits: 0
Metasploit
• added 2013/05/08 6:48 p.m. • 56 views

ERS Viewer 2011 ERS File Handling Buffer Overflow

This module exploits a buffer overflow vulnerability found in ERS Viewer 2011 version 11.04. The vulnerability exists in the module ermapperu.dll where the function ERMconverttocorrectwebpath handles user provided data in an insecure way. It results in arbitrary code execution under the context o...

CVSS 9.3, AI score 8.4, EPSS 0.27975
Exploits: 4
Metasploit
• added 2013/02/04 3:37 p.m. • 56 views

VMWare OVF Tools Format String Vulnerability

This module exploits a format string vulnerability in VMWare OVF Tools 2.1 for Windows. The vulnerability occurs when printing error messages while parsing a malformed OVF file. The module has been tested successfully with VMWare OVF Tools 2.1 on Windows XP SP3. This module requires Metasploit:...

CVSS 9.3, AI score 6.9, EPSS 0.47719
Exploits: 12
Metasploit
• added 2013/02/03 8:6 p.m. • 56 views

Command Shell, Reverse TCP SSL (via python)

Creates an interactive shell via Python, uses SSL, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic...

AI score 7.1
Exploits: 0
Metasploit
• added 2012/08/01 5:34 p.m. • 56 views

Cisco Linksys PlayerPT ActiveX Control SetSource sURL Argument Buffer Overflow

This module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as installed with the web interface of Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method, when handling a specially crafted sU...

CVSS 9.3, AI score 7.6, EPSS 0.36317
Exploits: 6
Metasploit
• added 2012/06/25 7:58 a.m. • 56 views

LLMNR Spoofer

LLMNR (Link-local Multicast Name Resolution) is the successor of NetBIOS (Windows Vista and up) and is used to resolve the names of neighboring computers. This module forges LLMNR responses by listening for LLMNR requests sent to the LLMNR multicast address (224.0.0.252) and responding with a...

AI score 7
Exploits: 0
Metasploit
• added 2012/03/20 7:43 p.m. • 56 views

DNS TXT Record Payload Download and Execution

Performs a TXT query against a series of DNS records and executes the returned x86 shellcode. The DNSZONE option is used as the base name to iterate over. The payload will first request the TXT contents of the a hostname, followed by b, then c, etc. until there are no more records. For each recor...

AI score 7.4
Exploits: 0
Metasploit
• added 2012/01/04 9:49 a.m. • 56 views

Adobe Reader U3D Memory Corruption Vulnerability

This module exploits a vulnerability in the U3D handling within versions 9.x through 9.4.6 and 10 through to 10.1.1 of Adobe Reader. The vulnerability is due to the use of uninitialized memory. Arbitrary code execution is achieved by embedding specially crafted U3D data into a PDF document. A hea...

CVSS 9.8, AI score 9.7, EPSS 0.86238
Exploits: 11
Metasploit
• added 2011/11/04 9:4 p.m. • 56 views

Windows Gather McAfee ePO 4.6 Config SQL Credentials

This module extracts connection details and decrypts the saved password for the SQL database in use by a McAfee ePO 4.6 server. The passwords are stored in a config file. They are encrypted with AES-128-ECB and a static key. This module requires Metasploit: https://metasploit.com/download Current...

AI score 0.1
Exploits: 0
Metasploit
• added 2011/06/22 10:36 p.m. • 56 views

RealWin SCADA Server DATAC Login Buffer Overflow

This module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.1 Build 6.0.10.10 or earlier. By sending a specially crafted OnFCCONNECTFCSLOGIN packet containing a long username, an attacker may be able to execute arbitrary code. This module requires Metasploit...

CVSS 10, AI score 1.2, EPSS 0.74638
Exploits: 15
Metasploit
• added 2011/06/21 2:51 a.m. • 56 views

Black Ice Cover Page ActiveX Control Arbitrary File Download

This module allows remote attackers to place arbitrary files on a user's file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0). Code execution can be achieved by first uploading the payload to the remote machine, and then uploa...

CVSS 9.3, AI score 8.1, EPSS 0.34761
Exploits: 7
Metasploit
• added 2011/01/09 11:23 p.m. • 56 views

ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)

This module exploits a stack-based buffer overflow in versions 1.2 through 1.3.0 of ProFTPD server. The vulnerability is within the "sreplace" function within the "src/support.c" file. The off-by-one heap overflow bug in the ProFTPD sreplace function was discovered about 2 (two) years ago by...

CVSS 10, EPSS 0.74254
Exploits: 4
Metasploit
• added 2010/09/21 6:46 p.m. • 56 views

Novell iPrint Client ActiveX Control call-back-url Buffer Overflow

This module exploits a stack-based buffer overflow in Novell iPrint Client 5.42. When sending an overly long string to the 'call-back-url' parameter in an op-client-interface-version action of ienipp.ocx an attacker may be able to execute arbitrary code. This module requires Metasploit:...

CVSS 9.3, AI score 7.4, EPSS 0.35987
Exploits: 18
Metasploit
• added 2010/09/20 8:6 a.m. • 56 views

SMB File Upload Utility

This module uploads a file to a target share and path. The only reason to use this module is if your existing SMB client is not able to support the features of the Metasploit Framework that you need, like pass-the-hash authentication. This module requires Metasploit: https://metasploit.com/downlo...

AI score 7.2
Exploits: 0
Metasploit
• added 2010/03/03 6:12 p.m. • 56 views

Microsoft OWC Spreadsheet HTMLURL Buffer Overflow

This module exploits a buffer overflow in Microsoft's Office Web Components. When passing an overly long string as the "HTMLURL" parameter an attacker can execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 9.3, AI score 7.9, EPSS 0.5161
Exploits: 8
Metasploit
• added 2009/07/21 3:20 p.m. • 56 views

TikiWiki jhot Remote Command Execution

TikiWiki contains a flaw that may allow a malicious user to execute arbitrary PHP code. The issue is triggered due to the jhot.php script not correctly verifying uploaded files. It is possible that the flaw may allow arbitrary PHP code execution by uploading a malicious PHP script resulting in a...

CVSS 7.5, AI score 7.6, EPSS 0.42596
Exploits: 8
Metasploit
• added 2008/02/11 3:18 p.m. • 56 views

BadBlue 2.72b PassThru Buffer Overflow

This module exploits a stack buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HEAD', :pattern = /BadBlue//...

CVSS 7.5, AI score 7.4, EPSS 0.66413
Exploits: 4
Metasploit
• added 2007/02/17 1:52 p.m. • 56 views

Sun Solaris Telnet Remote Authentication Bypass Vulnerability

This module exploits the argument injection vulnerability in the telnet daemon in.telnetd of Solaris 10 and 11. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sun Solaris Telnet Remote...

CVSS 10, AI score 7.4, EPSS 0.97848
Exploits: 13
Metasploit
• added 2006/12/27 10:43 p.m. • 56 views

Mercur Messaging 2005 IMAP Login Buffer Overflow

This module exploits a stack buffer overflow in Atrium Mercur IMAP 5.0 SP3. Since the room for shellcode is small, using the reverse ordinal payloads yields the best results. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 10, AI score 7.4, EPSS 0.68147
Exploits: 12
Metasploit
• added 2021/12/08 5:42 p.m. • 55 views

Windows Interactive Powershell Session, Reverse TCP SSL

Listen for a connection and spawn an interactive powershell session over SSL Module Options msf use payload/windows/x64/powershellreversetcpssl msf payloadpowershellreversetcpssl show actions ...actions... msf payloadpowershellreversetcpssl set ACTION msf payloadpowershellreversetcpssl show optio...

AI score 7.1
Exploits: 0
Metasploit
• added 2021/02/23 5:41 p.m. • 55 views

Apache Flink JobManager Traversal

This module exploits an unauthenticated directory traversal vulnerability in Apache Flink versions 1.11.0 use auxiliary/scanner/http/apacheflinkjobmanagertraversal msf auxiliaryapacheflinkjobmanagertraversal show actions ...actions... msf auxiliaryapacheflinkjobmanagertraversal set ACTION msf...

CVSS 9.1, AI score 7.8, EPSS 0.97856
Exploits: 14
Metasploit
• added 2021/01/29 5:42 p.m. • 55 views

OneDrive Sync Provider Enumeration Module

This module will identify the Office 365 OneDrive endpoints for both business and personal accounts across all users providing access is permitted. It is useful for identifying document libraries that may otherwise not be obvious which could contain sensitive or useful information. Module Options...

AI score 7
Exploits: 0
Metasploit
• added 2021/01/27 5:42 p.m. • 55 views

Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution

This module exploits two vulnerabilities, that when chained allow an attacker to achieve unauthenticated remote code execution in Micro Focus UCMDB. UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected, but this module can probably also be used to exploit...

CVSS 10, AI score 9.6, EPSS 0.7699
Exploits: 6
Metasploit
• added 2020/07/01 11:15 a.m. • 55 views

Directory Traversal in Spring Cloud Config Server

This module exploits an unauthenticated directory traversal vulnerability which exists in Spring Cloud Config versions 2.2.x prior to 2.2.3 and 2.1.x prior to 2.1.9, and older unsupported versions. Spring Cloud Config listens by default on port 8888. This module requires Metasploit:...

CVSS 7.5, AI score 7.8, EPSS 0.95586
Exploits: 3
Metasploit
• added 2020/03/25 2:26 p.m. • 55 views

Unix Command Shell, Reverse TCP (via Tclsh)

Creates an interactive shell via Tclsh This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 184 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def initializeinf...

AI score 0.3
Exploits: 0
Metasploit
• added 2020/03/03 11:41 p.m. • 55 views

OpenSMTPD OOB Read Local Privilege Escalation

This module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 9.8, AI score 0.5, EPSS 0.88535
Exploits: 10
Metasploit
• added 2019/08/28 3:55 a.m. • 55 views

Cisco UCS Director Unauthenticated Remote Code Execution

The Cisco UCS Director virtual appliance contains two flaws that can be combined and abused by an attacker to achieve remote code execution as root. The first one, CVE-2019-1937, is an authentication bypass, that allows the attacker to authenticate as an administrator. The second one,...

CVSS 7.2, AI score 10.1, EPSS 0.75863
Exploits: 15
Metasploit
• added 2019/07/26 12:42 a.m. • 55 views

Windows x86 Pingback, Reverse TCP Inline

Connect back to attacker and report UUID Windows x86 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 307 include Msf::Payload::Windows include Msf::Payload::Single include...

AI score 7.3
Exploits: 0
Metasploit
• added 2019/04/30 9:54 p.m. • 55 views

ptrace Sudo Token Privilege Escalation

This module attempts to gain root privileges by blindly injecting into the session user's running shell processes and executing commands by calling system, in the hope that the process has valid cached sudo tokens with root privileges. The system must have gdb installed and permit ptrace. This...

AI score 1
Exploits: 0
Metasploit
• added 2018/11/28 2:14 a.m. • 56 views

Unitrends Enterprise Backup bpserverd Privilege Escalation

It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This is very similar to...

CVSS 9.8, AI score 7.7, EPSS 0.62464
Exploits: 7
Metasploit
• added 2018/08/06 9:31 a.m. • 55 views

Apache Spark Unauthenticated Command Execution

This module exploits an unauthenticated command execution vulnerability in Apache Spark with standalone cluster mode through REST API. It uses the function CreateSubmissionRequest to submit a malicious java class and trigger it. This module requires Metasploit: https://metasploit.com/download Curre...

CVSS 4.2, AI score 7.3, EPSS 0.6583
Exploits: 2
Metasploit
• added 2018/02/05 1:47 p.m. • 55 views

MagniComp SysInfo mcsiwrapper Privilege Escalation

This module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable load path. This module abuses...

CVSS 6.7, AI score 0.5, EPSS 0.0529
Exploits: 5
Metasploit
• added 2017/04/08 1:15 p.m. • 55 views

Varnish Cache CLI File Read

This module attempts to read the first line of a file by abusing the error message when compiling a file with vcl.load. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/tcp/client' require...

CVSS 7.5, AI score 6.3, EPSS 0.63824
Exploits: 7
Metasploit
• added 2017/03/23 9:49 a.m. • 55 views

SolarWinds LEM Default SSH Password Remote Code Execution

This module exploits the default credentials of SolarWinds LEM. A menu system is encountered when the SSH service is accessed with the default username and password, which are "cmc" and "password". By exploiting a vulnerability that exists in the menuing script, an attacker can escape from restricte...

CVSS 10, AI score 9.7, EPSS 0.1273
Exploits: 2
Metasploit
• added 2017/01/03 8:36 a.m. • 55 views

VMware VDP Known SSH Key

VMware vSphere Data Protection appliances 5.5.x through 6.1.x contain a known ssh private key for the local user admin who is a sudoer without password. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh...

CVSS 9.8, AI score 9.4, EPSS 0.32789
Exploits: 3
Metasploit
• added 2016/12/20 3:38 a.m. • 55 views

Windows 'Run As' Using Powershell

This module will start a process as another user using powershell. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 'Run As' Using Powershell', 'Description' = %q This module will start...

AI score 7.3
Exploits: 0
Metasploit
• added 2015/01/05 5:14 a.m. • 55 views

ManageEngine Desktop Central Administrator Account Creation

This module exploits an administrator account creation vulnerability in Desktop Central from v7 onwards by sending a crafted request to DCPluginServelet. It has been tested in several versions of Desktop Central including MSP from v7 onwards. This module requires Metasploit:...

CVSS 9.8, AI score 7.2, EPSS 0.81048
Exploits: 8
Metasploit
• added 2014/08/12 10:17 p.m. • 55 views

VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation

A vulnerability within the VBoxGuest driver allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile on Windows XP SP3 system...

CVSS 3.6, AI score 7.8, EPSS 0.07197
Exploits: 7
Metasploit
• added 2014/03/03 8:36 p.m. • 55 views

MantisBT Admin SQL Injection Arbitrary File Read

Versions 1.2.13 through 1.2.16 are vulnerable to a SQL injection attack if an attacker can gain access to administrative credentials. This vuln was fixed in 1.2.17. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework clas...

CVSS 6.5, AI score 0.8, EPSS 0.11311
Exploits: 8
Metasploit
• added 2013/08/21 9:18 a.m. • 55 views

Windows Gather Prefetch File Information

This module gathers prefetch file information from WinXP, Win2k3 and Win7 systems and current values of related registry keys. From each prefetch file we'll collect filetime converted to utc of the last execution, file path hash, run count, filename and the execution path. This module requires...

AI score 7
Exploits: 0
Metasploit
• added 2013/07/22 5:36 p.m. • 55 views

SAP Host Agent Information Disclosure

This module attempts to retrieve Computer and OS info from Host Agent through the SAP HostControl service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'SAP Host Agen...

CVSS 5, AI score 6.5, EPSS 0.20873
Exploits: 2
Metasploit
• added 2013/07/15 8:2 p.m. • 55 views

Windows Gather Enumerate Active Domain Users

This module will enumerate computers included in the primary Domain and attempt to list all locations the targeted user has sessions on. If the HOST option is specified the module will target only that host. If the HOST is specified and USER is set to nil, all users logged into that host will be...

AI score 7.2
Exploits: 0
Metasploit
• added 2013/01/29 4:29 a.m. • 55 views

Windows Gather Credential Cache Dump

This module uses the registry to extract the stored domain hashes that have been cached as a result of a GPO setting. The default setting on Windows is to store the last ten successful logins. This module requires Metasploit: https://metasploit.com/download Current source:...

AI score 6.9
Exploits: 0
Metasploit
• added 2012/09/05 5:26 p.m. • 55 views

Windows Manage Remote Packet Capture Service Starter

This module enables the Remote Packet Capture System rpcapd service included in the default installation of Winpcap. The module allows you to set up the service in passive or active mode useful if the client is behind a firewall. If authentication is enabled you need a local user account to captu...

Exploits: 0
Metasploit
• added 2012/03/18 5:7 a.m. • 55 views

SNMP Community Login Scanner

This module logs in to SNMP devices using common community names. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/communitystringcollection' require 'metasploit/framework/loginscanner/snm...

CVSS 7.5, AI score 7.3, EPSS 0.27166
Exploits: 3
Metasploit
• added 2011/11/21 5:36 p.m. • 55 views

MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow

This module exploits a vulnerability found in Excel 2002 of Microsoft Office XP. By supplying a .xls file with a malformed OBJ recType 0x5D record an attacker can get the control of the execution flow. This results in arbitrary code execution under the context of the user. This module requires...

CVSS 9.3, AI score 7.1, EPSS 0.70121
Exploits: 21
Metasploit
• added 2011/11/16 6:26 p.m. • 55 views

Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control

This module exploits a stack based buffer overflow in the Active control file ImageViewer2.OCX by passing an overly long argument to an insecure TifMergeMultiFiles method. Exploitation results in code execution with the privileges of the user who browsed to the exploit page. The victim will first...

CVSS 9.3, AI score 8.1, EPSS 0.31968
Exploits: 2
Metasploit
• added 2011/10/12 11:20 p.m. • 55 views

Multi Gather Ping Sweep

Performs IPv4 ping sweep using the OS included ping command. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather Ping Sweep', 'Description' = %q Performs IPv4 ping sweep using the OS...

AI score 7.4
Exploits: 0
Metasploit
• added 2010/11/04 2:11 a.m. • 55 views

Adobe XML External Entity Injection

Multiple Adobe Products -- XML External Entity Injection. Affected Software: BlazeDS 3.2 and earlier versions, LiveCycle 9.0, 8.2.1, and 8.0.1, LiveCycle Data Services 3.0, 2.6.1, and 2.5.1, Flex Data Services 2.0.1, ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2 This module requires Metasploit:...

CVSS 6.5, AI score 7.1, EPSS 0.90118
Exploits: 12
Metasploit
• added 2010/01/27 11:24 p.m. • 55 views

MySQL yaSSL SSL Hello Message Buffer Overflow

This module exploits a stack buffer overflow in the yaSSL 1.7.5 and earlier implementation bundled with MySQL 'MySQL yaSSL SSL Hello Message Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in the yaSSL 1.7.5 and earlier implementation bundled with MySQL 'MC' ,...

CVSS 7.5, AI score 7.9, EPSS 0.91602
Exploits: 13

Total number of security vulnerabilities: 5000