Metasploit: Most viewed

6848 matches found

Metasploit
•added 2021/06/18 5:42 p.m.•55 views

Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE (CVE-2021-1499)

This module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user. Module Options msf use exploit/linux/http/ciscohyperflexfileuploadrce msf exploitciscohyperflexfileuploadrce show targets...

CVSS 5.3 | AI score 5.6 | EPSS 0.80426
Exploits: 5
Metasploit
•added 2021/04/01 5:42 p.m.•55 views

SaltStack Salt API Unauthenticated RCE through wheel_async client

This module leverages an authentication bypass and directory traversal vulnerabilities in Saltstack Salt's REST API to execute commands remotely on the master as the root user. Every 60 seconds, salt-master service performs a maintenance process check that reloads and executes all the grains on t...

CVSS 9.8 | AI score 9.7 | EPSS 0.92312
Exploits: 6
Metasploit
•added 2021/02/23 5:41 p.m.•55 views

Apache Flink JobManager Traversal

This module exploits an unauthenticated directory traversal vulnerability in Apache Flink versions 1.11.0 use auxiliary/scanner/http/apacheflinkjobmanagertraversal msf auxiliaryapacheflinkjobmanagertraversal show actions ...actions... msf auxiliaryapacheflinkjobmanagertraversal set ACTION msf...

CVSS 9.1 | AI score 7.8 | EPSS 0.97856
Exploits: 14
Metasploit
•added 2021/01/29 5:42 p.m.•55 views

OneDrive Sync Provider Enumeration Module

This module will identify the Office 365 OneDrive endpoints for both business and personal accounts across all users providing access is permitted. It is useful for identifying document libraries that may otherwise not be obvious which could contain sensitive or useful information. Module Options...

AI score 7
Exploits: 0
Metasploit
•added 2021/01/27 5:42 p.m.•55 views

Micro Focus UCMDB Java Deserialization Unauthenticated Remote Code Execution

This module exploits two vulnerabilities, that when chained allow an attacker to achieve unauthenticated remote code execution in Micro Focus UCMDB. UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected, but this module can probably also be used to exploit...

CVSS 10 | AI score 9.6 | EPSS 0.7699
Exploits: 6
Metasploit
•added 2020/09/16 5:41 p.m.•55 views

Mida Solutions eFramework ajaxreq.php Command Injection

This module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apache user to...

CVSS 10 | AI score 9.7 | EPSS 0.98239
Exploits: 6
Metasploit
•added 2020/07/01 11:15 a.m.•55 views

Directory Traversal in Spring Cloud Config Server

This module exploits an unauthenticated directory traversal vulnerability which exists in Spring Cloud Config versions 2.2.x prior to 2.2.3 and 2.1.x prior to 2.1.9, and older unsupported versions. Spring Cloud Config listens by default on port 8888. This module requires Metasploit:...

CVSS 7.5 | AI score 7.8 | EPSS 0.95586
Exploits: 3
Metasploit
•added 2020/05/27 11:55 a.m.•55 views

Windows Gather Xshell and Xftp Passwords

This module can decrypt the password of xshell and xftp, if the user chooses to remember the password. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Xshell and Xftp Passwords',...

AI score 7.4
Exploits: 0
Metasploit
•added 2020/03/25 2:26 p.m.•55 views

Unix Command Shell, Reverse TCP (via Tclsh)

Creates an interactive shell via Tclsh This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 184 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def initializeinf...

AI score 0.3
Exploits: 0
Metasploit
•added 2020/03/03 11:41 p.m.•55 views

OpenSMTPD OOB Read Local Privilege Escalation

This module exploits an out-of-bounds read of an attacker-controlled string in OpenSMTPD's MTA implementation to execute a command as the root or nobody user, depending on the kind of grammar OpenSMTPD uses. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 9.8 | AI score 0.5 | EPSS 0.88535
Exploits: 10
Metasploit
•added 2019/08/28 3:55 a.m.•55 views

Cisco UCS Director Unauthenticated Remote Code Execution

The Cisco UCS Director virtual appliance contains two flaws that can be combined and abused by an attacker to achieve remote code execution as root. The first one, CVE-2019-1937, is an authentication bypass, that allows the attacker to authenticate as an administrator. The second one,...

CVSS 7.2 | AI score 10.1 | EPSS 0.75863
Exploits: 15
Metasploit
•added 2019/07/26 12:42 a.m.•55 views

Windows x86 Pingback, Reverse TCP Inline

Connect back to attacker and report UUID Windows x86 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 307 include Msf::Payload::Windows include Msf::Payload::Single include...

AI score 7.3
Exploits: 0
Metasploit
•added 2019/04/30 9:54 p.m.•55 views

ptrace Sudo Token Privilege Escalation

This module attempts to gain root privileges by blindly injecting into the session user's running shell processes and executing commands by calling system, in the hope that the process has valid cached sudo tokens with root privileges. The system must have gdb installed and permit ptrace. This...

AI score 1
Exploits: 0
Metasploit
•added 2018/11/28 2:14 a.m.•56 views

Unitrends Enterprise Backup bpserverd Privilege Escalation

It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This is very similar to...

CVSS 9.8 | AI score 7.7 | EPSS 0.62464
Exploits: 7
Metasploit
•added 2018/08/06 9:31 a.m.•55 views

Apache Spark Unauthenticated Command Execution

This module exploits an unauthenticated command execution vulnerability in Apache Spark with standalone cluster mode through REST API. It uses the function CreateSubmissionRequest to submit a malicious Java class and trigger it. This module requires Metasploit: https://metasploit.com/download Curre...

CVSS 4.2 | AI score 7.3 | EPSS 0.6583
Exploits: 2
Metasploit
•added 2018/02/05 1:47 p.m.•55 views

MagniComp SysInfo mcsiwrapper Privilege Escalation

This module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable load path. This module abuses...

CVSS 6.7 | AI score 0.5 | EPSS 0.0529
Exploits: 5
Metasploit
•added 2017/04/08 1:15 p.m.•55 views

Varnish Cache CLI File Read

This module attempts to read the first line of a file by abusing the error message when compiling a file with vcl.load. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/tcp/client' require...

CVSS 7.5 | AI score 6.3 | EPSS 0.63824
Exploits: 7
Metasploit
•added 2017/03/23 9:49 a.m.•55 views

SolarWinds LEM Default SSH Password Remote Code Execution

This module exploits the default credentials of SolarWinds LEM. A menu system is encountered when the SSH service is accessed with the default username and password, which are "cmc" and "password". By exploiting a vulnerability that exists in the menuing script, an attacker can escape from restricte...

CVSS 10 | AI score 9.7 | EPSS 0.1273
Exploits: 2
Metasploit
•added 2016/12/20 3:38 a.m.•55 views

Windows 'Run As' Using Powershell

This module will start a process as another user using powershell. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 'Run As' Using Powershell', 'Description' = %q This module will start...

AI score 7.3
Exploits: 0
Metasploit
•added 2015/01/05 5:14 a.m.•55 views

ManageEngine Desktop Central Administrator Account Creation

This module exploits an administrator account creation vulnerability in Desktop Central from v7 onwards by sending a crafted request to DCPluginServelet. It has been tested in several versions of Desktop Central including MSP from v7 onwards. This module requires Metasploit:...

CVSS 9.8 | AI score 7.2 | EPSS 0.81048
Exploits: 8
Metasploit
•added 2014/08/12 10:17 p.m.•55 views

VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation

A vulnerability within the VBoxGuest driver allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile on Windows XP SP3 system...

CVSS 3.6 | AI score 7.8 | EPSS 0.07197
Exploits: 7
Metasploit
•added 2014/07/10 2:9 p.m.•55 views

Flash "Rosetta" JSONP GET/POST Response Disclosure

A website that serves a JSONP endpoint that accepts a custom alphanumeric callback of 1200 chars can be abused to serve an encoded swf payload that steals the contents of a same-domain URL. Flash 'Flash "Rosetta" JSONP GET/POST Response Disclosure', 'Description' = %q A website that serves a JSON...

CVSS 4.3 | AI score 6.8 | EPSS 0.23024
Exploits: 4
Metasploit
•added 2013/08/21 9:18 a.m.•55 views

Windows Gather Prefetch File Information

This module gathers prefetch file information from WinXP, Win2k3 and Win7 systems and current values of related registry keys. From each prefetch file we'll collect filetime converted to utc of the last execution, file path hash, run count, filename and the execution path. This module requires...

AI score 7
Exploits: 0
Metasploit
•added 2013/07/22 5:36 p.m.•55 views

SAP Host Agent Information Disclosure

This module attempts to retrieve Computer and OS info from Host Agent through the SAP HostControl service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'SAP Host Agen...

CVSS 5 | AI score 6.5 | EPSS 0.20873
Exploits: 2
Metasploit
•added 2013/07/15 8:2 p.m.•55 views

Windows Gather Enumerate Active Domain Users

This module will enumerate computers included in the primary Domain and attempt to list all locations the targeted user has sessions on. If the HOST option is specified the module will target only that host. If the HOST is specified and USER is set to nil, all users logged into that host will be...

AI score 7.2
Exploits: 0
Metasploit
•added 2012/11/16 3:3 p.m.•55 views

NFR Agent Heap Overflow Vulnerability

This module exploits a heap overflow in NFRAgent.exe, a component of Novell File Reporter NFR. The vulnerability occurs when handling requests of name "SRS", where NFRAgent.exe fails to generate a response in a secure way, copying user controlled data into a fixed-length buffer in the heap withou...

CVSS 10 | AI score 0.1 | EPSS 0.71194
Exploits: 22
Metasploit
•added 2012/09/05 5:26 p.m.•55 views

Windows Manage Remote Packet Capture Service Starter

This module enables the Remote Packet Capture System rpcapd service included in the default installation of Winpcap. The module allows you to set up the service in passive or active mode useful if the client is behind a firewall. If authentication is enabled you need a local user account to captu...

Exploits: 0
Metasploit
•added 2012/09/03 5:50 p.m.•55 views

JBoss DeploymentFileRepository WAR Deployment (via JMXInvokerServlet)

This module can be used to execute a payload on JBoss servers that have an exposed HTTPAdaptor's JMX Invoker exposed on the "JMXInvokerServlet". By invoking the methods provided by jboss.admin:DeploymentFileRepository a stager is deployed to finally upload the selected payload to the target. The...

CVSS 7.5 | AI score 7.4 | EPSS 0.81832
Exploits: 5
Metasploit
•added 2012/03/18 5:7 a.m.•55 views

SNMP Community Login Scanner

This module logs in to SNMP devices using common community names. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/communitystringcollection' require 'metasploit/framework/loginscanner/snm...

CVSS 7.5 | AI score 7.3 | EPSS 0.27166
Exploits: 3
Metasploit
•added 2012/02/23 1:44 a.m.•55 views

TrendMicro Control Manger CmdProcessor.exe Stack Buffer Overflow

This module exploits a vulnerability in the CmdProcessor.exe component of Trend Micro Control Manger up to version 5.5. The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of...

CVSS 10 | AI score 7.5 | EPSS 0.64742
Exploits: 9
Metasploit
•added 2011/11/21 5:36 p.m.•55 views

MS11-038 Microsoft Office Excel Malformed OBJ Record Handling Overflow

This module exploits a vulnerability found in Excel 2002 of Microsoft Office XP. By supplying a .xls file with a malformed OBJ recType 0x5D record an attacker can get the control of the execution flow. This results in arbitrary code execution under the context of the user. This module requires...

CVSS 9.3 | AI score 7.1 | EPSS 0.70121
Exploits: 21
Metasploit
•added 2011/11/16 6:26 p.m.•55 views

Viscom Image Viewer CP Pro 8.0/Gold 6.0 ActiveX Control

This module exploits a stack based buffer overflow in the Active control file ImageViewer2.OCX by passing an overly long argument to an insecure TifMergeMultiFiles method. Exploitation results in code execution with the privileges of the user who browsed to the exploit page. The victim will first...

CVSS 9.3 | AI score 8.1 | EPSS 0.31968
Exploits: 2
Metasploit
•added 2011/11/04 9:4 p.m.•55 views

Windows Gather McAfee ePO 4.6 Config SQL Credentials

This module extracts connection details and decrypts the saved password for the SQL database in use by a McAfee ePO 4.6 server. The passwords are stored in a config file. They are encrypted with AES-128-ECB and a static key. This module requires Metasploit: https://metasploit.com/download Current...

AI score 0.1
Exploits: 0
Metasploit
•added 2011/06/21 2:51 a.m.•55 views

Black Ice Cover Page ActiveX Control Arbitrary File Download

This module allows remote attackers to place arbitrary files on a user's file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control BIImgFrm.ocx 12.0.0.0. Code execution can be achieved by first uploading the payload to the remote machine, and then uploa...

CVSS 9.3 | AI score 8.1 | EPSS 0.34761
Exploits: 7
Metasploit
•added 2010/11/04 2:11 a.m.•55 views

Adobe XML External Entity Injection

Multiple Adobe Products -- XML External Entity Injection. Affected Software: BlazeDS 3.2 and earlier versions, LiveCycle 9.0, 8.2.1, and 8.0.1, LiveCycle Data Services 3.0, 2.6.1, and 2.5.1, Flex Data Services 2.0.1, ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2 This module requires Metasploit:...

CVSS 6.5 | AI score 7.1 | EPSS 0.90118
Exploits: 12
Metasploit
•added 2010/09/21 6:46 p.m.•55 views

Novell iPrint Client ActiveX Control call-back-url Buffer Overflow

This module exploits a stack-based buffer overflow in Novell iPrint Client 5.42. When sending an overly long string to the 'call-back-url' parameter in an op-client-interface-version action of ienipp.ocx an attacker may be able to execute arbitrary code. This module requires Metasploit:...

CVSS 9.3 | AI score 7.4 | EPSS 0.35987
Exploits: 18
Metasploit
•added 2010/03/03 6:12 p.m.•55 views

Microsoft OWC Spreadsheet HTMLURL Buffer Overflow

This module exploits a buffer overflow in Microsoft's Office Web Components. When passing an overly long string as the "HTMLURL" parameter an attacker can execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 9.3 | AI score 7.9 | EPSS 0.5161
Exploits: 8
Metasploit
•added 2010/01/27 11:24 p.m.•55 views

MySQL yaSSL SSL Hello Message Buffer Overflow

This module exploits a stack buffer overflow in the yaSSL 1.7.5 and earlier implementation bundled with MySQL 'MySQL yaSSL SSL Hello Message Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in the yaSSL 1.7.5 and earlier implementation bundled with MySQL 'MC' ,...

CVSS 7.5 | AI score 7.9 | EPSS 0.91602
Exploits: 13
Metasploit
•added 2009/01/21 12:51 p.m.•55 views

Tomcat Administration Tool Default Access

Detect the Tomcat administration interface. The administration interface is included in versions 5.5 and lower. Port 8180 is the default for FreeBSD, 8080 for all others. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewor...

AI score 0.4
Exploits: 0
Metasploit
•added 2008/04/01 11:22 a.m.•55 views

RealPlayer rmoc3260.dll ActiveX Control Heap Corruption

This module exploits a heap corruption vulnerability in the RealPlayer ActiveX control. By sending a specially crafted string to the 'Console' property in the rmoc3260.dll control, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download...

CVSS 9.3 | AI score 7.7 | EPSS 0.4595
Exploits: 6
Metasploit
•added 2007/09/29 4:30 a.m.•56 views

Xitami 2.5c2 Web Server If-Modified-Since Overflow

This module exploits a stack buffer overflow in the iMatix Corporation Xitami Web Server. If a malicious user sends an If-Modified-Since header containing an overly long string, it may be possible to execute a payload remotely. Due to size constraints, this module uses the Egghunter technique. Th...

CVSS 7.5 | AI score 7.2 | EPSS 0.73243
Exploits: 6
Metasploit
•added 2006/04/14 8:22 p.m.•55 views

Novell Messenger Server 2.0 Accept-Language Overflow

This module exploits a stack buffer overflow in Novell GroupWise Messenger Server v2.0. This flaw is triggered by any HTTP request with an Accept-Language header greater than 16 bytes. To overwrite the return address on the stack, we must first pass a memcpy operation that uses pointers we supply...

CVSS 10 | AI score 0.3 | EPSS 0.72833
Exploits: 12
Metasploit
•added 2006/01/21 5:5 a.m.•55 views

DistCC Daemon Command Execution

This module uses a documented security weakness to execute arbitrary commands on any system running distccd. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DistCC Daemon Command Execution',...

CVSS 9.3 | AI score 7.7 | EPSS 0.80978
Exploits: 9
Metasploit
•added 2021/05/01 5:42 p.m.•54 views

Google Chrome versions before 89.0.4389.128 V8 XOR Typer Out-Of-Bounds Access RCE

This module exploits an issue in the V8 engine on x86x64 builds of Google Chrome before 89.0.4389.128/90.0.4430.72 when handling XOR operations in JIT'd JavaScript code. Successful exploitation allows an attacker to execute arbitrary code within the context of the V8 process. As the V8 process is...

CVSS 8.8 | AI score 9.6 | EPSS 0.70435
Exploits: 6
Metasploit
•added 2020/01/13 1:56 a.m.•54 views

"Cablehaunt" Cable Modem WebSocket DoS

There exists a buffer overflow vulnerability in certain Cable Modem Spectrum Analyzer interfaces. This overflow is exploitable, but since an exploit would differ between every make, model, and firmware version which also differs from ISP to ISP, this module simply causes a Denial of Service to te...

CVSS 8.8 | AI score 10 | EPSS 0.22924
Exploits: 3
Metasploit
•added 2019/06/23 9:48 a.m.•54 views

Unix Command Shell, Reverse TCP SSH

Connect back and create a command shell via SSH This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/handler/reversessh' module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include...

AI score 7.5
Exploits: 0
Metasploit
•added 2019/02/14 6:45 p.m.•54 views

Belkin Wemo UPnP Remote Code Execution

This module exploits a command injection in the Belkin Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. This module has been tested on a Wemo-enabled Crock-Pot, but other Wemo devices are known to be affected, albeit on a different RPORT 49153. This module requires...

AI score 7.9
Exploits: 0
Metasploit
•added 2018/09/11 1:16 p.m.•54 views

AwindInc SNMP Service Command Injection

This module exploits a vulnerability found in AwindInc and OEM'ed products where untrusted inputs are fed to ftpfw.sh system command, leading to command injection. A valid SNMP read-write community is required to exploit this vulnerability. The following devices are known to be affected by this...

CVSS 7.2 | AI score 0.4 | EPSS 0.71963
Exploits: 5
Metasploit
•added 2018/07/05 6:33 p.m.•54 views

phpMyAdmin Authenticated Remote Code Execution

phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1. This module requires Metasploit: https://metasploit.com/download Current source:...

CVSS 8.8 | AI score 0.4 | EPSS 0.98391
Exploits: 20
Metasploit
•added 2018/01/22 2:44 p.m.•54 views

AsusWRT LAN Unauthenticated Remote Code Execution

The HTTP server in AsusWRT has a flaw where it allows an unauthenticated client to perform a POST in certain cases. This can be combined with another vulnerability in the VPN configuration upload routine that sets NVRAM configuration variables directly from the POST request to enable a special...

CVSS 9.8 | AI score 10 | EPSS 0.8741
Exploits: 11
Total number of security vulnerabilities: 5000