Metasploit: Most viewed

6847 matches found

Metasploit
•added 2011/07/07 2:53 p.m.•39 views

OS X Gather Mac OS X System Information Enumeration

This module gathers basic system information from Mac OS X Tiger 10.4, through Mojave 10.14. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OS X Gather Mac OS X System Information Enumeration'...

7.1 AI score
Exploits: 0
Metasploit
•added 2011/06/20 12:37 a.m.•39 views

DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer Overflow

This module exploits a vulnerability found in DATAC Control International RealWin SCADA Server 2.1 and below. By supplying a specially crafted OnFCBINFILEFCSFILE packet via port 910, RealWin will try to create a file which would be saved to C:\Program Files\DATAC\Real Win\RW-version\filename by...

10 CVSS, 0.4 AI score, 0.74638 EPSS
Exploits: 15
Metasploit
•added 2011/05/06 3:29 p.m.•39 views

VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow

This module exploits an input validation error in libmodplugin as included with VideoLAN VLC 1.1.8. All versions prior to version 1.1.9 are affected. By creating a malicious S3M file, a remote attacker could execute arbitrary code. Although other products that bundle libmodplug may be vulnerable,...

6.8 CVSS, 0.6 AI score, 0.42941 EPSS
Exploits: 8
Metasploit
•added 2011/02/08 11:31 p.m.•39 views

MS11-006 Microsoft Windows CreateSizedDIBSECTION Stack Buffer Overflow

This module exploits a stack-based buffer overflow in the handling of thumbnails within .MIC files and various Office documents. When processing a thumbnail bitmap containing a negative 'biClrUsed' value, a stack-based buffer overflow occurs. This leads to arbitrary code execution. In order to...

9.3 CVSS, 8 AI score, 0.67687 EPSS
Exploits: 10
Metasploit
•added 2011/01/25 1:2 p.m.•39 views

Windows Manage Local User Account Deletion

This module deletes a local user account from the specified server, or the local machine if no server is given. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Manage Local User Account...

7.2 AI score
Exploits: 0
Metasploit
•added 2011/01/24 10:14 p.m.•39 views

SMB Domain User Enumeration

Determine what domain users are logged into a remote system via a DCERPC to NetWkstaUserEnum. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMB Domain User Enumeration', 'Description' =...

7.3 AI score
Exploits: 0
Metasploit
•added 2011/01/11 2:2 a.m.•39 views

Windows Gather Logged On User Enumeration (Registry)

This module will enumerate current and recently logged on Windows users. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Logged On User Enumeration Registry', 'Description' = %q...

7 AI score
Exploits: 0
Metasploit
•added 2011/01/07 12:28 a.m.•39 views

Multi Gather Generic Operating System Environment Settings

This module prints out the operating system environment variables. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multi Gather Generic Operating System Environment Settings', 'Description' = %...

0.4 AI score
Exploits: 0
Metasploit
•added 2010/12/10 5:47 a.m.•39 views

Cisco IOS HTTP Unauthorized Administrative Access

This module exploits a vulnerability in the Cisco IOS HTTP Server. By sending a GET request for "/level/num/exec/..", where num is between 16 and 99, it is possible to bypass authentication and obtain full system control. IOS 11.3 - 12.2 are reportedly vulnerable. This module tested successfully...

9.3 CVSS, 7.2 AI score, 0.6845 EPSS
Exploits: 8
Metasploit
•added 2010/12/07 5:44 p.m.•39 views

Trixbox langChoice PHP Local File Inclusion

This module injects php into the trixbox session file and then, in a second call, evaluates that code by manipulating the langChoice parameter as described in OSVDB-50421. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewo...

6.8 CVSS, 10 AI score, 0.20271 EPSS
Exploits: 2
Metasploit
•added 2010/10/22 6:16 a.m.•39 views

Oracle VM Server Virtual Server Agent Command Injection

This module exploits a command injection flaw within Oracle's VM Server Virtual Server Agent ovs-agent service. By including shell meta characters within the second parameter to the 'utltesturl' XML-RPC methodCall, an attacker can execute arbitrary commands. The service typically runs with root...

9 CVSS, 0.9 AI score, 0.52706 EPSS
Exploits: 4
Metasploit
•added 2010/07/25 9:37 p.m.•39 views

MS07-029 Microsoft DNS RPC Service extractQuotedChar() Overflow (SMB)

This module exploits a stack buffer overflow in the RPC interface of the Microsoft DNS service. The vulnerability is triggered when a long zone name parameter is supplied that contains escaped octal strings. This module is capable of bypassing NX/DEP protection on Windows 2003 SP1/SP2. This modul...

10 CVSS, 0.2 AI score, 0.79128 EPSS
Exploits: 17
Metasploit
•added 2010/06/10 7:52 p.m.•39 views

Adobe Flash Player "newfunction" Invalid Pointer Use

This module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash...

7.8 CVSS, 10 AI score, 0.82296 EPSS
Exploits: 22
Metasploit
•added 2010/04/15 4:8 p.m.•39 views

Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop

This module exploits a denial of service flaw in the Microsoft Windows SMB client on Windows 7 and Windows Server 2008 R2. To trigger this bug, run this module as a service and force a vulnerable client to access the IP of this system as an SMB server. This can be accomplished by embedding a UNC...

9.3 CVSS, 0.4 AI score, 0.30879 EPSS
Exploits: 3
Metasploit
•added 2010/04/05 8:25 p.m.•39 views

MS10-018 Microsoft Internet Explorer Tabular Data Control ActiveX Memory Corruption

This module exploits a memory corruption vulnerability in the Internet Explorer Tabular Data ActiveX Control. Microsoft reports that version 5.01 and 6 of Internet Explorer are vulnerable. By specifying a long value as the "DataURL" parameter to this control, it is possible to write a NUL byte...

9.3 CVSS, 0.9 AI score, 0.80603 EPSS
Exploits: 13
Metasploit
•added 2010/02/08 7:4 p.m.•39 views

Microsoft IIS WebDAV Write Access Code Execution

This module can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script via a WebDAV PUT request. The target IIS machine must meet these conditions to be considered as exploitable: It allows 'Script resource access', Read and Wri...

7.2 AI score
Exploits: 0
Metasploit
•added 2010/02/01 2:12 a.m.•39 views

HTTP SOAP Verb/Noun Brute Force Scanner

This module attempts to brute force SOAP/XML requests to uncover hidden methods. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP SOAP Verb/Noun Brute Force Scanner', 'Description' = %q Thi...

7 AI score
Exploits: 0
Metasploit
•added 2010/01/03 8:10 a.m.•39 views

MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption

A heap-based buffer overflow can occur when calling the undocumented "sp_replwritetovarbin" extended stored procedure. This vulnerability affects all versions of Microsoft SQL Server 2000 and 2005, Windows Internal Database, and Microsoft Desktop Engine MSDE without the updates supplied in MS09-00...

9 CVSS, 0.2 AI score, 0.87036 EPSS
Exploits: 12
Metasploit
•added 2009/11/25 10:24 p.m.•39 views

Adobe U3D CLODProgressiveMeshDeclaration Array Overrun

This module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include 'Adobe U3D CLODProgressiveMeshDeclaration Array Overrun', 'Description' = %q This module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include MSFLICENSE, 'Author'...

8.8 CVSS, 1 AI score, 0.83574 EPSS
Exploits: 3
Metasploit
•added 2009/04/13 2:33 p.m.•39 views

Samba lsa_io_trans_names Heap Overflow

This module triggers a heap overflow in the LSA RPC service of the Samba daemon. This module uses the TALLOC chunk overwrite method credit Ramon and Adriano, which only works with Samba versions 3.0.21-3.0.24. Additionally, this module will not work when the Samba "log level" parameter is higher...

10 CVSS, 7.6 AI score, 0.77806 EPSS
Exploits: 23
Metasploit
•added 2008/11/20 3:42 a.m.•39 views

Unix Command Shell, Bind TCP (via Ruby)

Continually listen for a connection and spawn a command shell via Ruby This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 137 include Msf::Payload::Single include...

0.2 AI score
Exploits: 0
Metasploit
•added 2008/09/01 11:28 a.m.•39 views

EMC AlphaStor Device Manager Arbitrary Command Execution

EMC AlphaStor Device Manager is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

10 CVSS, 7.3 AI score, 0.35753 EPSS
Exploits: 6
Metasploit
•added 2008/02/07 11:8 p.m.•39 views

Facebook Photo Uploader 4 ActiveX Control Buffer Overflow

This module exploits a stack buffer overflow in Facebook Photo Uploader 4. By sending an overly long string to the "ExtractIptc" property located in the ImageUploader4.ocx 4.5.57.0 Control, an attacker may be able to execute arbitrary code. This module requires Metasploit:...

9.3 CVSS, 0.9 AI score, 0.32696 EPSS
Exploits: 3
Metasploit
•added 2006/06/15 3:30 p.m.•39 views

MS06-025 Microsoft RRAS Service Overflow

This module exploits a stack buffer overflow in the Windows Routing and Remote Access Service. Since the service is hosted inside svchost.exe, a failed exploit attempt can cause other system services to fail as well. A valid username and password is required to exploit this flaw on Windows 2000...

7.5 CVSS, 0.6 AI score, 0.72969 EPSS
Exploits: 18
Metasploit
•added 2005/12/25 10:47 p.m.•39 views

MS04-011 Microsoft Private Communications Transport Overflow

This module exploits a buffer overflow in the Microsoft Windows SSL PCT protocol stack. This code is based on Johnny Cyberpunk's THC release and has been tested against Windows 2000 and Windows XP. To use this module, specify the remote port of any SSL service, or the port and protocol of an...

7.5 CVSS, 8 AI score, 0.83412 EPSS
Exploits: 8
Metasploit
•added 2022/09/08 7:49 p.m.•38 views

Windows shellcode stage, Reverse HTTP Stager Proxy

Custom shellcode stage. Tunnel communication over HTTP Module Options msf use payload/windows/custom/reversehttpproxypstore msf payloadreversehttpproxypstore show actions ...actions... msf payloadreversehttpproxypstore set ACTION msf payloadreversehttpproxypstore show options ...show and set...

7.1 AI score
Exploits: 0
Metasploit
•added 2021/01/05 5:42 p.m.•38 views

SpamTitan Unauthenticated RCE

TitanHQ SpamTitan Gateway is an anti-spam appliance that protects against unwanted emails and malwares. This module exploits an improper input sanitization in versions 7.01, 7.02, 7.03 and 7.07 to inject command directives into the SNMP configuration file and get remote code execution as root. No...

10 CVSS, 9.8 AI score, 0.73668 EPSS
Exploits: 5
Metasploit
•added 2020/06/09 5:7 p.m.•38 views

Cayin xPost wayfinder_seqid SQLi to RCE

This module exploits an unauthenticated SQLi in Cayin xPost 'Cayin xPost wayfinderseqid SQLi to RCE', 'Description' = %q This module exploits an unauthenticated SQLi in Cayin xPost MSFLICENSE, 'Author' = 'h00die', msf module 'Gjoko Krstic LiquidWorm...

10 CVSS, 9.5 AI score, 0.14014 EPSS
Exploits: 5
Metasploit
•added 2020/05/01 5:19 p.m.•38 views

Veeam ONE Agent .NET Deserialization

This module exploits a .NET deserialization vulnerability in the Veeam ONE Agent before the hotfix versions 9.5.5.4587 and 10.0.1.750 in the 9 and 10 release lines. Specifically, the module targets the HandshakeResult method used by the Agent. By inducing a failure in the handshake, the Agent wil...

9.8 CVSS, 0.9 AI score, 0.86619 EPSS
Exploits: 4
Metasploit
•added 2019/10/27 4:25 p.m.•38 views

Adobe ColdFusion RDS Authentication Bypass

Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Due to default settings or misconfiguration, its password can be set to an empty value. This allows an attacker to create a session via the RDS login that can be carried over to th...

0.8 AI score
Exploits: 0
Metasploit
•added 2019/10/15 3:11 p.m.•38 views

Total.js CMS 12 Widget JavaScript Code Injection

This module exploits a vulnerability in Total.js CMS. The issue is that a user with admin permission can embed a malicious JavaScript payload in a widget, which is evaluated server side, and gain remote code execution. This module requires Metasploit: https://metasploit.com/download Current sourc...

9.9 CVSS, 7.3 AI score, 0.79204 EPSS
Exploits: 5
Metasploit
•added 2019/07/26 12:42 a.m.•38 views

Linux x64 Pingback, Reverse TCP Inline

Connect back to attacker and report UUID Linux x64 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 125 include Msf::Payload::Linux::X64::Prepends include Msf::Payload::Single inclu...

7.3 AI score
Exploits: 0
Metasploit
•added 2019/07/12 9:2 p.m.•38 views

Cisco Data Center Network Manager Unauthenticated Remote Code Execution

DCNM exposes a file upload servlet FileUploadServlet at /fm/fileUpload. An authenticated user can abuse this servlet to upload a WAR to the Apache Tomcat webapps directory and achieve remote code execution as root. This module exploits two other vulnerabilities, CVE-2019-1619 for authentication...

9.8 CVSS, 8.5 AI score, 0.8378 EPSS
Exploits: 8
Metasploit
•added 2018/12/24 8:3 a.m.•38 views

blueman set_dhcp_handler D-Bus Privilege Escalation

This module attempts to gain root privileges by exploiting a Python code injection vulnerability in blueman versions prior to 2.0.3. The org.blueman.Mechanism.EnableNetwork D-Bus interface exposes the set_dhcp_handler function which uses user input in a call to eval, without sanitization, resulting...

8.4 CVSS, 8.3 AI score, 0.0634 EPSS
Exploits: 4
Metasploit
•added 2018/07/12 12:16 p.m.•38 views

IPTABLES rules removal

This module will be applied on a session connected to a shell. It will remove all IPTABLES rules. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IPTABLES rules removal', 'Description' = %q Thi...

0.1 AI score
Exploits: 0
Metasploit
•added 2018/01/05 11:28 a.m.•38 views

HPE iMC dbman RestoreDBase Unauthenticated RCE

This module exploits a remote command execution vulnerability in Hewlett Packard Enterprise Intelligent Management Center before version 7.3 E0504P04. The dbman service allows unauthenticated remote users to restore a user-specified database OpCode 10007, however the database connection username i...

9.8 CVSS, 1.2 AI score, 0.82877 EPSS
Exploits: 8
Metasploit
•added 2017/11/28 1:12 p.m.•38 views

Western Digital MyCloud multi_uploadify File Upload Vulnerability

This module exploits a file upload vulnerability found in Western Digital's MyCloud NAS web administration HTTP service. The /web/jquery/uploader/multi_uploadify.php PHP script provides multipart upload functionality that is accessible without authentication and can be used to place a file anywher...

9.8 CVSS, 8.1 AI score, 0.73404 EPSS
Exploits: 6
Metasploit
•added 2017/08/19 10:12 a.m.•38 views

R Command Shell, Bind TCP

Continually listen for a connection and spawn a command shell via R This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 125 include Msf::Payload::Single include Msf::Payload::R include...

7.2 AI score
Exploits: 0
Metasploit
•added 2017/05/02 9:19 p.m.•38 views

Module to Probe Different Data Points in a CAN Packet

Scans between two CAN IDs and writes data at each byte position. It will either write a set byte value Default 0xFF or iterate through all possible values of that byte position takes much longer. Does not check for responses and is basically a simple blind fuzzer. This module requires Metasploit:...

0.1 AI score
Exploits: 0
Metasploit
•added 2017/02/24 9:29 a.m.•38 views

Architecture Migrate

This module checks if the meterpreter architecture is the same as the OS architecture and if it's incompatible it spawns a new process with the correct architecture and migrates into that process. This module requires Metasploit: https://metasploit.com/download Current source:...

0.6 AI score
Exploits: 0
Metasploit
•added 2016/10/06 11:25 p.m.•38 views

HTA Web Server

This module hosts an HTML Application HTA that when opened will run a payload via Powershell. When a user navigates to the HTA file they will be prompted by IE twice before the payload is executed. This module requires Metasploit: https://metasploit.com/download Current source:...

6.9 AI score
Exploits: 0
Metasploit
•added 2016/09/07 12:22 a.m.•38 views

Hak5 WiFi Pineapple Preconfiguration Command Injection

This module exploits a login/csrf check bypass vulnerability on WiFi Pineapples version 2.0 'Hak5 WiFi Pineapple Preconfiguration Command Injection', 'Description' = %q This module exploits a login/csrf check bypass vulnerability on WiFi Pineapples version 2.0 'catatonicprime', 'License' =...

7.5 CVSS, 0.4 AI score, 0.36954 EPSS
Exploits: 7
Metasploit
•added 2015/12/14 6:40 p.m.•38 views

Redis File Upload

This module can be used to leverage functionality exposed by Redis to achieve somewhat arbitrary file upload to a file and directory to which the user account running the redis instance has access. It is not totally arbitrary because the exact contents of the file cannot be completely controlled...

7.4 AI score
Exploits: 0
Metasploit
•added 2015/09/09 4:41 p.m.•38 views

CMS Bolt File Upload Vulnerability

Bolt CMS contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. This module was tested on version 2.2.4. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CMS...

6.5 CVSS, 7.6 AI score, 0.38611 EPSS
Exploits: 2
Metasploit
•added 2015/07/16 5:36 a.m.•38 views

OpenSSL Alternative Chains Certificate Forgery MITM Proxy

This module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake...

6.5 CVSS, 0.61798 EPSS
Exploits: 6
Metasploit
•added 2015/06/03 8:38 p.m.•38 views

SysAid Help Desk Administrator Account Creation

This module exploits a vulnerability in SysAid Help Desk that allows an unauthenticated user to create an administrator account. Note that this exploit will only work once. Any subsequent attempts will fail. On the other hand, the credentials must be verified manually. This module has been tested...

7.5 CVSS, 7.1 AI score, 0.55362 EPSS
Exploits: 7
Metasploit
•added 2015/01/04 5:5 p.m.•38 views

ManageEngine Multiple Products Authenticated File Upload

This module exploits a directory traversal vulnerability in ManageEngine ServiceDesk, AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts the upload does not handle correctly '../' sequences, which can be abused to write to the file system. Authentication ...

8.8 CVSS, 7 AI score, 0.78378 EPSS
Exploits: 7
Metasploit
•added 2014/09/12 1:57 p.m.•38 views

Advantech WebAccess dvs.ocx GetColor Buffer Overflow

This module exploits a buffer overflow vulnerability in Advantech WebAccess. The vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to sprintf can be reached with user controlled data through the GetColor function. This module has been tested successfully on Windows XP SP3...

7.5 CVSS, 7.4 AI score, 0.61384 EPSS
Exploits: 6
Metasploit
•added 2014/03/25 8:13 a.m.•38 views

Linux Execute Command

A very small shellcode for executing commands. This module is sometimes helpful for testing purposes as well as on targets with extremely limited buffer space. -- coding: binary -- This module requires Metasploit: https://metasploit.com/download Current source:...

7.6 AI score
Exploits: 0
Metasploit
•added 2014/01/02 4:48 p.m.•38 views

Command Shell, Bind TCP (via Firefox XPCOM script)

Creates an interactive shell via Javascript with access to Firefox's XPCOM API This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include...

0.1 AI score
Exploits: 0

Total number of security vulnerabilities: 5000