6841 matches found
CitectSCADA/CitectFacilities ODBC Buffer Overflow
This module exploits a stack buffer overflow in CitectSCADA's ODBC daemon. This has only been tested against Citect v5, v6 and v7. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
MOXA Device Manager Tool 2.1 Buffer Overflow
This module exploits a stack buffer overflow in MOXA MDM Tool 2.1. When sending a specially crafted MDMGw MDM2Gateway response, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux)
This module exploits a stack-based buffer overflow in versions of ProFTPD server between versions 1.3.2rc3 and 1.3.3b. By sending data containing a large number of Telnet IAC commands, an attacker can corrupt memory and execute arbitrary code. The Debian Squeeze version of the exploit uses a litt...
Metasploit Web Crawler
This auxiliary module is a modular web crawler, to be used in conjunction with wmap someday or standalone. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Web Crawler. Author: Efrain Torres et at metasploit.com 2010...
CA BrightStor ARCserve for Laptops and Desktops LGServer Multiple Commands Buffer Overflow
This module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup for Laptops & Desktops 11.1. By sending a specially crafted request to multiple commands, an attacker could overflow the buffer and execute arbitrary code. This module requires Metasploit:...
MOXA MediaDBPlayback ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in MOXAActiveXSDK. When sending an overly long string to the PlayFileName of MediaDBPlayback.DLL 2.2.0.5 an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
This module exploits a stack-based buffer overflow in versions of ProFTPD server between versions 1.3.2rc3 and 1.3.3b. By sending data containing a large number of Telnet IAC commands, an attacker can corrupt memory and execute arbitrary code. This module requires Metasploit:...
Network Associates PGP KeyServer 7 LDAP Buffer Overflow
This module exploits a stack buffer overflow in the LDAP service that is part of the NAI PGP Enterprise product suite. This module was tested against PGP KeyServer v7.0. Due to space restrictions, egghunter is used to find our payload - therefore you may wish to adjust WfsDelay. This module...
Adobe XML External Entity Injection
Multiple Adobe Products -- XML External Entity Injection. Affected Software: BlazeDS 3.2 and earlier versions, LiveCycle 9.0, 8.2.1, and 8.0.1, LiveCycle Data Services 3.0, 2.6.1, and 2.5.1, Flex Data Services 2.0.1, ColdFusion 9.0, 8.0.1, 8.0, and 7.0.2 This module requires Metasploit:...
CA BrightStor ARCserve for Laptops and Desktops LGServer rxsSetDataGrowthScheduleAndFilter Buffer Overflow
This module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup for Laptops & Desktops 11.1. By sending a specially crafted request rxsSetDataGrowthScheduleAndFilter, an attacker could overflow the buffer and execute arbitrary code. This module requires Metasploit:...
Webster HTTP Server GET Buffer Overflow
This exploits a stack buffer overflow in the Webster HTTP server. The server and source code was released within an article from the Microsoft Systems Journal in February 1996 titled "Write a Simple HTTP-based Server Using MFC and Windows Sockets". This module requires Metasploit:...
ColdFusion 8.0.1 Arbitrary File Upload and Execute
This module exploits the Adobe ColdFusion 8.0.1 FCKeditor 'CurrentFolder' File Upload and Execute vulnerability. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ColdFusion 8.0.1 Arbitrary File...
Adobe Flash Player "Button" Remote Code Execution
This module exploits a vulnerability in the handling of certain SWF movies within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially...
Sun Java Runtime New Plugin docbase Buffer Overflow
This module exploits a flaw in the new plugin component of the Sun Java Runtime Environment before v6 Update 22. By specifying specific parameters to the new plugin, an attacker can cause a stack-based buffer overflow and execute arbitrary code. When the new plugin is invoked with a "launchjnlp"...
Oracle VM Server Virtual Server Agent Command Injection
This module exploits a command injection flaw within Oracle's VM Server Virtual Server Agent ovs-agent service. By including shell meta characters within the second parameter to the 'utltesturl' XML-RPC methodCall, an attacker can execute arbitrary commands. The service typically runs with root...
Adobe Shockwave rcsL Memory Corruption
This module exploits a weakness in the Adobe Shockwave player's handling of Director movies .DIR. A memory corruption vulnerability occurs through an undocumented rcsL chunk. This module requires Metasploit: https://metasploit.com/download Current source:...
Fat Player Media Player 0.6b0 Buffer Overflow
This module exploits a buffer overflow in Fat Player 0.6b. When the application is used to import a specially crafted wav file, a buffer overflow occurs allowing arbitrary code execution. This module requires Metasploit: https://metasploit.com/download Current source:...
DATAC RealWin SCADA Server SCPC_INITIALIZE Buffer Overflow
This module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.0 Build 6.1.8.10. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
DATAC RealWin SCADA Server SCPC_INITIALIZE_RF Buffer Overflow
This module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.0 Build 6.1.8.10. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
printf(1) via PHP magic_quotes Utility Command Encoder
This encoder uses the printf1 utility to avoid restricted characters. Some shell variable substitution may also be used if needed symbols are blacklisted. Some characters are intentionally left unescaped since it is assumed that PHP with magicquotesgpc enabled will escape them during request...
Novell iManager getMultiPartParameters Arbitrary File Upload
This module exploits a directory traversal vulnerability which allows remote attackers to upload and execute arbitrary code. PortalModuleInstallManager This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Oracle DB SQL Injection via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET
The module exploits an sql injection flaw in the CREATECHANGESET procedure of the PL/SQL package DBMSCDCPUBLISH. Any user with execute privilege on the vulnerable package can exploit this vulnerability. By default, users granted EXECUTECATALOGROLE have the required privilege. This module requires...
Odin Secure FTP 4.1 Stack Buffer Overflow (LIST)
This module exploits a stack buffer overflow in Odin Secure FTP 4.1, triggered when processing the response on a LIST command. During the overflow, a structured exception handler record gets overwritten. This module requires Metasploit: https://metasploit.com/download Current source:...
FileWrangler 5.30 Stack Buffer Overflow
This module exploits a buffer overflow in the FileWrangler client that is triggered when the client connects to a FTP server and lists the directory contents, containing an overly long directory name. This module requires Metasploit: https://metasploit.com/download Current source:...
32bit FTP Client Stack Buffer Overflow
This module exploits a stack buffer overflow in 32bit ftp client, triggered when trying to download a file that has an overly long filename. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule '32bi...
Simple FTP Client Fuzzer
This module will serve an FTP server and perform FTP client interaction fuzzing This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Fuzzer written by corelanc0d3r -...
FTP Synchronizer Professional 4.0.73.274 Stack Buffer Overflow
This module exploits a stack buffer overflow vulnerability in FTP Synchronizer Pro version 4.0.73.274 The overflow gets triggered by sending an overly long filename to the client in response to a LIST command. The LIST command gets issued when doing a preview or when you have just created a new...
Seagull FTP v3.3 Build 409 Stack Buffer Overflow
This module exploits a buffer overflow in the Seagull FTP client that gets triggered when the ftp client processes a response to a LIST command. If the response contains an overly long file/folder name, a buffer overflow occurs, overwriting a structured exception handler. This module requires...
FTPGetter Standard v3.55.0.05 Stack Buffer Overflow (PWD)
This module exploits a buffer overflow in FTPGetter Standard v3.55.0.05 ftp client. When processing the response on a PWD command, a stack based buffer overflow occurs. This leads to arbitrary code execution when a structured exception handler gets overwritten. This module requires Metasploit:...
LeapFTP 3.0.1 Stack Buffer Overflow
This module exploits a buffer overflow in the LeapFTP 3.0.1 client. This issue is triggered when a file with a long name is downloaded/opened. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...
Gekko Manager FTP Client Stack Buffer Overflow
This module exploits a buffer overflow in Gekko Manager ftp client, triggered when processing the response received after sending a LIST request. If this response contains a long filename, a buffer overflow occurs, overwriting a structured exception handler. This module requires Metasploit:...
AASync v2.2.1.0 (Win32) Stack Buffer Overflow (LIST)
This module exploits a stack buffer overflow in AASync v2.2.1.0, triggered when processing the response on a LIST command. During the overflow, a structured exception handler record gets overwritten. This module requires Metasploit: https://metasploit.com/download Current source:...
FTPPad 1.2.0 Stack Buffer Overflow
This module exploits a stack buffer overflow FTPPad 1.2.0 ftp client. The overflow is triggered when the client connects to a FTP server which sends an overly long directory and filename in response to a LIST command. This will cause an access violation, and will eventually overwrite the saved...
FTPShell 5.1 Stack Buffer Overflow
This module exploits a stack buffer overflow in FTPShell 5.1. The overflow gets triggered when the ftp client tries to process an overly long response to a PWD command. This will overwrite the saved EIP and structured exception handler. This module requires Metasploit:...
Barracuda Multiple Product "locale" Directory Traversal
This module exploits a directory traversal vulnerability present in several Barracuda products, including the Barracuda Spam and Virus Firewall, Barracuda SSL VPN, and the Barracuda Web Application Firewall. By default, this module will attempt to download the Barracuda configuration file. This...
Generic Web Application Unix Command Execution
This module can be used to exploit any generic command execution vulnerability for CGI applications on Unix-like platforms. To use this module, specify the CMDURI path, replacing the command itself with XXcmdXX. This module is currently limited to forms vulnerable through GET requests with query...
Nuance PDF Reader v6.0 Launch Stack Buffer Overflow
This module exploits a stack buffer overflow in Nuance PDF Reader v6.0. The vulnerability is triggered when opening a malformed PDF file that contains an overly long string in a /Launch field. This results in overwriting a structured exception handler record. This exploit does not use javascript...
MS09-053 Microsoft IIS FTP Server NLST Response Overflow
This module exploits a stack buffer overflow flaw in the Microsoft IIS FTP service. The flaw is triggered when a special NLST argument is passed while the session has changed into a long directory path. For this exploit to work, the FTP server must be configured to allow write access to the file...
CA BrightStor ARCserve Message Engine 0x72 Buffer Overflow
This module exploits a buffer overflow in Computer Associates BrightStor ARCserve Backup 11.1 - 11.5 SP2. By sending a specially crafted RPC request, an attacker could overflow the buffer and execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
Trend Micro Internet Security Pro 2010 ActiveX extSetOwner() Remote Code Execution
This module exploits a remote code execution vulnerability in Trend Micro Internet Security Pro 2010 ActiveX. When sending an invalid pointer to the extSetOwner function of UfPBCtrl.dll an attacker may be able to execute arbitrary code. This module requires Metasploit:...
Digital Music Pad Version 8.2.3.3.4 Stack Buffer Overflow
This module exploits a buffer overflow in Digital Music Pad Version 8.2.3.3.4 When opening a malicious pls file with the Digital Music Pad, a remote attacker could overflow a buffer and execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
Windows MessageBox
Spawns a dialog via MessageBox using a customizable title, text & icon This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 231 include Msf::Payload::Windows include Msf::Payload::Singl...
Novell iPrint Client ActiveX Control ExecuteRequest debug Buffer Overflow
This module exploits a stack-based buffer overflow in Novell iPrint Client 5.40. When sending an overly long string to the 'debug' parameter in ExecuteRequest property of ienipp.ocx an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download...
Novell iPrint Client ActiveX Control call-back-url Buffer Overflow
This module exploits a stack-based buffer overflow in Novell iPrint Client 5.42. When sending an overly long string to the 'call-back-url' parameter in an op-client-interface-version action of ienipp.ocx an attacker may be able to execute arbitrary code. This module requires Metasploit:...
Lotus Domino Password Hash Collector
Get users passwords hashes from names.nsf page This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Lotus Domino Password Hash Collector', 'Description' = 'Get users passwords hashes from names.nsf...
FrontPage Server Extensions Anonymous Login Scanner
This module queries the FrontPage Server Extensions and determines whether anonymous access is allowed. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FrontPage Server Extensions Anonymous Log...
SMB File Upload Utility
This module uploads a file to a target share and path. The only reason to use this module is if your existing SMB client is not able to support the features of the Metasploit Framework that you need, like pass-the-hash authentication. This module requires Metasploit: https://metasploit.com/downlo...
MS10-061 Microsoft Print Spooler Service Impersonation Vulnerability
This module exploits the RPC service impersonation vulnerability detailed in Microsoft Bulletin MS10-061. By making a specific DCE RPC request to the StartDocPrinter procedure, an attacker can impersonate the Printer Spooler service to create a file. The working directory at the time is...
Socks4a Proxy Server
This module provides a socks4a proxy server that uses the builtin Metasploit routing to relay connections...
Race River Integard Home/Pro LoginAdmin Password Stack Buffer Overflow
This module exploits a stack buffer overflow in Race river's Integard Home/Pro internet content filter HTTP Server. Versions prior to 2.0.0.9037 and 2.2.0.9037 are vulnerable. The administration web page on port 18881 is vulnerable to a remote buffer overflow attack. By sending a long character...