6841 matches found
IBM Lotus Domino Web Server Accept-Language Stack Buffer Overflow
This module exploits a stack buffer overflow in IBM Lotus Domino Web Server prior to version 7.0.3FP1 and 8.0.1. This flaw is triggered by any HTTP request with an Accept-Language header greater than 114 bytes. This module requires Metasploit: https://metasploit.com/download Current source:...
Microsoft Whale Intelligent Application Gateway ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in the Microsoft Whale Intelligent Application Gateway Whale Client. When sending an overly long string to the CheckForUpdates method of WhlMgr.dll 3.1.502.64, an attacker may be able to execute arbitrary code.
WinZip FileView (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow
The FileView ActiveX control WZFILEVIEW.FileViewCtrl.61 could allow a remote attacker to execute arbitrary code on the system. The control contains several unsafe methods and is marked safe for scripting and safe for initialization. A remote attacker could exploit this vulnerability to execute...
TCP "XMas" Port Scanner
Enumerate open|filtered TCP services using a raw "XMas" scan; this sends probes containing the FIN, PSH and URG flags.
TCP ACK Firewall Scanner
Map out firewall rulesets with a raw ACK scan. Any unfiltered port found means a stateful firewall is not in place for it.
Google Appliance ProxyStyleSheet Command Execution
This module exploits a feature in the Saxon XSLT parser used by the Google Search Appliance. This feature allows arbitrary Java methods to be called. Google released a patch and advisory (GA-2005-08-m) to their client base in August of 2005. The target appliance must be able to connect back to...
Samba lsa_io_trans_names Heap Overflow
This module triggers a heap overflow in the LSA RPC service of the Samba daemon. This module uses the TALLOC chunk overwrite method (credit Ramon and Adriano), which only works with Samba versions 3.0.21-3.0.24. Additionally, this module will not work when the Samba "log level" parameter is higher...
HTTP Options Detection
Display available HTTP options for each system.
Oracle SMB Relay Code Execution
This module helps you obtain Administrator access to the OS using an unprivileged Oracle database user; only CONNECT and RESOURCE privileges are needed. To do this you must first run the smb_sniffer or smb_relay module on your server. Then connect to the Oracle database and run this module...
XM Easy Personal FTP Server 5.7.0 NLST DoS
You need a valid login to DoS this FTP server, but even anonymous can do it as long as it has permission to call NLST.
IPID Sequence Scanner
This module will probe hosts' IPID sequences and classify them using the same method Nmap uses when performing its IPID Idle Scan (-sI) and OS Detection (-O). Nmap's probes are SYN/ACKs while this module's are SYNs. While this does not change the underlying functionality, it does change the chan...
SAP AG SAPgui EAI WebViewer3D Buffer Overflow
This module exploits a stack buffer overflow in the Siemens Unigraphics Solutions Teamcenter Visualization EAI WebViewer3D ActiveX control that is bundled with SAPgui. When passing an overly long string to the SaveViewToSessionFile method, arbitrary code may be executed.
SIP Username Enumerator (UDP)
Scan for numeric usernames/extensions using OPTIONS/REGISTER requests.
Adobe JBIG2Decode Heap Corruption
This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon JavaScript for the heap spray.
Foxit Reader Authorization Bypass
This module exploits an authorization bypass vulnerability in Foxit Reader build 1120. When an attacker creates a specially crafted PDF file containing an Open/Execute action, arbitrary commands can be executed without confirmation from the victim.
SIP Endpoint Scanner (UDP)
Scan for SIP devices using OPTIONS requests.
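The two SIP scanners above (numeric extension enumeration via OPTIONS/REGISTER, and endpoint discovery via OPTIONS) both rest on the same exchange: send one UDP request, read the status code and a few headers back. The following is an added example written for this page, not the code of either Metasploit module; the request builder, the response parser, the classification rules and the sample reply (with the 192.0.2.0/24 documentation addresses and the "ExamplePBX" server string) are all constructed here. The REGISTER oracle it encodes is the usual one: a 401/407 challenge means the extension exists, a 403/404 means it does not.

```ruby
require 'securerandom'
require 'socket'

# Build a minimal SIP OPTIONS or REGISTER request for scanning (constructed for this example).
# With user = nil the request targets the server itself (endpoint discovery);
# with a numeric user it targets one extension (enumeration).
def sip_request(method, target_ip, user, src_ip:, src_port: 5060, cseq: 1)
  uri    = user ? "sip:#{user}@#{target_ip}" : "sip:#{target_ip}"
  ident  = user || 'scanner'
  branch = "z9hG4bK#{SecureRandom.hex(8)}" # RFC 3261 requires the z9hG4bK magic cookie
  [
    "#{method} #{uri} SIP/2.0",
    "Via: SIP/2.0/UDP #{src_ip}:#{src_port};branch=#{branch};rport",
    'Max-Forwards: 70',
    "From: <sip:#{ident}@#{src_ip}>;tag=#{SecureRandom.hex(4)}",
    "To: <#{uri}>",
    "Call-ID: #{SecureRandom.hex(8)}@#{src_ip}",
    "CSeq: #{cseq} #{method}",
    "Contact: <sip:#{ident}@#{src_ip}:#{src_port}>",
    'User-Agent: example-scanner', # hypothetical agent string
    'Accept: application/sdp',
    'Content-Length: 0',
    '', ''
  ].join("\r\n") # trailing CRLF CRLF terminates the header block
end

# Parse a SIP response into { code:, reason:, headers: }; nil if it is not a status line.
def parse_sip_response(raw)
  head, _body = raw.split("\r\n\r\n", 2)
  status_line, *header_lines = head.split("\r\n")
  m = status_line.match(%r{\ASIP/2\.0 (\d{3}) (.*)\z})
  return nil unless m

  headers = {}
  header_lines.each do |line|
    name, value = line.split(':', 2)
    next unless value

    headers[name.strip.downcase] = value.strip # SIP header names are case-insensitive
  end
  { code: m[1].to_i, reason: m[2], headers: headers }
end

# What an OPTIONS reply tells you about the endpoint.
def fingerprint(resp)
  h = resp[:headers]
  {
    agent: h['user-agent'] || h['server'],
    allow: (h['allow'] || '').split(',').map(&:strip)
  }
end

# Enumeration oracle for a per-extension OPTIONS or REGISTER probe.
def classify_extension(method, code)
  case code
  when 200      then :exists_open          # accepted without credentials
  when 401, 407 then :exists_auth_required # challenged: the account is known
  when 403      then method == 'REGISTER' ? :not_found : :forbidden
  when 404      then :not_found
  else :unknown
  end
end

# Send one request over UDP and wait up to `timeout` seconds; nil on timeout.
def sip_exchange(target_ip, request, port: 5060, timeout: 2)
  sock = UDPSocket.new
  sock.send(request, 0, target_ip, port)
  ready = IO.select([sock], nil, nil, timeout)
  ready ? sock.recvfrom(65_535).first : nil
ensure
  sock&.close
end

# Constructed sample reply, as a PBX might answer the endpoint-discovery OPTIONS.
SAMPLE_OPTIONS_REPLY = [
  'SIP/2.0 200 OK',
  'Via: SIP/2.0/UDP 192.0.2.1:5060;branch=z9hG4bKdeadbeef;received=192.0.2.1',
  'From: <sip:scanner@192.0.2.1>;tag=1a2b',
  'To: <sip:192.0.2.10>;tag=as3c4d',
  'Call-ID: abc123@192.0.2.1',
  'CSeq: 1 OPTIONS',
  'Server: ExamplePBX/1.0',
  'Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REGISTER',
  'Content-Length: 0',
  '', ''
].join("\r\n").freeze

if __FILE__ == $PROGRAM_NAME
  puts sip_request('OPTIONS', '192.0.2.10', nil, src_ip: '192.0.2.1')
  p fingerprint(parse_sip_response(SAMPLE_OPTIONS_REPLY))
  p classify_extension('REGISTER', 401)
end
```

The oracle only works where the PBX answers known and unknown extensions differently; a server configured to challenge every REGISTER with 401 (Asterisk's alwaysauthreject behaviour, for instance) collapses both cases into :exists_auth_required and the scan learns nothing beyond the fingerprint.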
Adobe Collab.collectEmailInfo() Buffer Overflow
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional 8.1.1. By creating a specially crafted PDF that contains a malformed Collab.collectEmailInfo() call, an attacker may be able to execute arbitrary code.
Adobe Collab.getIcon() Buffer Overflow
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat. Affected versions include...
Adobe JBIG2Decode Memory Corruption
This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon JavaScript for the heap spray.
BEA WebLogic JSESSIONID Cookie Value Overflow
This module exploits a buffer overflow in BEA's WebLogic plugin. The vulnerable code is only accessible when clustering is configured. A request containing a long JSESSIONID cookie value can lead to arbitrary code execution.
TCP SYN Port Scanner
Enumerate open TCP services using a raw SYN scan.
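The raw SYN, XMas and ACK scanners listed above differ only in the flag byte of the probe and in how the reply is read. The block below is an added example written for this page, not code from any of those Metasploit modules: it assembles the 20-byte TCP header for each probe type (with the RFC 1071 checksum over the IPv4 pseudo-header), and classifies a reply the way those scans do (SYN: SYN/ACK open, RST closed, silence filtered; XMas: silence open|filtered, RST closed; ACK: RST unfiltered, silence filtered). Addresses and ports are constructed; actually transmitting the header needs a raw socket and root, which the example leaves out on purpose.

```ruby
# TCP flag bits (RFC 793, byte 13 of the header).
TCP_FIN = 0x01
TCP_SYN = 0x02
TCP_RST = 0x04
TCP_PSH = 0x08
TCP_ACK = 0x10
TCP_URG = 0x20

# Flag byte each scan type sends in its probe.
PROBE_FLAGS = {
  syn:  TCP_SYN,
  xmas: TCP_FIN | TCP_PSH | TCP_URG, # the "lit up" combination that names the scan
  ack:  TCP_ACK
}.freeze

# RFC 1071 one's-complement checksum over the IPv4 pseudo-header plus the TCP segment.
# Recomputing it over a segment whose checksum field is already filled in yields 0.
def tcp_checksum(src_ip, dst_ip, segment)
  pseudo = [src_ip, dst_ip].map { |ip| ip.split('.').map(&:to_i).pack('C4') }.join
  pseudo << [0, 6, segment.bytesize].pack('CCn') # zero byte, protocol 6 (TCP), TCP length
  data = pseudo + segment
  data << "\0" if data.bytesize.odd?
  sum = data.unpack('n*').sum
  sum = (sum & 0xffff) + (sum >> 16) while sum > 0xffff
  (~sum) & 0xffff
end

# 20-byte TCP header with no options; seq and window are arbitrary for a probe.
def build_probe(src_ip, dst_ip, sport, dport, scan, seq: 0x12345678)
  flags = PROBE_FLAGS.fetch(scan)
  ack   = scan == :ack ? 1 : 0 # an ACK probe must carry some acknowledgement number
  hdr = [sport, dport, seq, ack, 5 << 4, flags, 1024, 0, 0].pack('nnNNCCnnn')
  hdr[16, 2] = [tcp_checksum(src_ip, dst_ip, hdr)].pack('n') # checksum lives at offset 16
  hdr
end

def parse_flags(segment)
  segment.unpack1('@13C')
end

def flag_names(flags)
  { 'FIN' => TCP_FIN, 'SYN' => TCP_SYN, 'RST' => TCP_RST,
    'PSH' => TCP_PSH, 'ACK' => TCP_ACK, 'URG' => TCP_URG }
    .select { |_, bit| (flags & bit) != 0 }.keys
end

# reply is :none (timed out), :icmp_unreachable, or the flag byte of the TCP reply.
def classify(scan, reply)
  silent = reply == :none || reply == :icmp_unreachable
  case scan
  when :syn
    return :filtered if silent
    return :open   if (reply & (TCP_SYN | TCP_ACK)) == (TCP_SYN | TCP_ACK)
    return :closed if (reply & TCP_RST) != 0
    :unknown
  when :xmas
    return :'open|filtered' if reply == :none          # RFC 793: open ports drop it
    return :filtered        if reply == :icmp_unreachable
    (reply & TCP_RST) != 0 ? :closed : :unknown         # closed ports answer RST
  when :ack
    return :filtered if silent                           # a stateful device ate it
    (reply & TCP_RST) != 0 ? :unfiltered : :unknown      # RST back: no state tracking
  end
end

if __FILE__ == $PROGRAM_NAME
  probe = build_probe('192.0.2.1', '192.0.2.10', 40_000, 80, :xmas)
  puts "XMas probe flags: #{flag_names(parse_flags(probe)).join('|')}"
  puts "checksum verifies: #{tcp_checksum('192.0.2.1', '192.0.2.10', probe).zero?}"
  p classify(:ack, TCP_RST)
end
```

Two caveats when reading results: XMas relies on RFC 793 behaviour, and stacks that answer every odd probe with RST (Windows, many embedded devices) make every port look closed; and an ACK scan's "unfiltered" says only that no stateful device tracked the connection, not that the port is open.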
OS X (vfork) Command Shell, Bind TCP Inline
Listen for a connection, vfork if necessary, and spawn a command shell.
Mac OS X x86 iSight Photo Capture, Bind TCP Stager
Inject a Mach-O bundle to capture a photo from the iSight (staged). Listen, read length, read buffer, execute.
OS X (vfork) Command Shell, Reverse TCP Stager
Call vfork if necessary and spawn a command shell (staged). Connect, read length, read buffer, execute.
Mac OS X Inject Mach-O Bundle, Bind TCP Stager
Inject a custom Mach-O bundle into the exploited process. Listen, read length, read buffer, execute.
OS X (vfork) Command Shell, Bind TCP Stager
Call vfork if necessary and spawn a command shell (staged). Listen, read length, read buffer, execute.
OS X (vfork) Command Shell, Reverse TCP Inline
Connect back to the attacker, vfork if necessary, and spawn a command shell.
MacOS X QuickTime RTSP Content-Type Overflow
This module exploits a stack-based buffer overflow in Apple QuickTime before version 7.3.1. By sending an overly long RTSP response to a client, an attacker may be able to execute arbitrary code.
Mac OS X Inject Mach-O Bundle, Reverse TCP Stager
Inject a custom Mach-O bundle into the exploited process. Connect, read length, read buffer, execute.
Mac OS X mDNSResponder UPnP Location Overflow
This module exploits a buffer overflow that occurs when processing specially crafted requests sent to mDNSResponder. All Mac OS X systems between version 10.4 and 10.4.9 without the 2007-005 patch are affected.
Mac OS X x86 iSight Photo Capture, Reverse TCP Stager
Inject a Mach-O bundle to capture a photo from the iSight (staged). Connect, read length, read buffer, execute.
Orbit Downloader Connecting Log Creation Buffer Overflow
This module exploits a stack buffer overflow in Orbit Downloader 2.8.4. When an attacker serves up a malicious web site, arbitrary code may be executed. The payload windows/shell_bind_tcp works best.
Typo3 sa-2009-002 File Disclosure
This module exploits a file disclosure vulnerability in the jumpUrl mechanism of Typo3. This flaw can be used to read any file that the web server user account has access to.
TCP SYN Flooder
A simple TCP SYN flooder.
Belkin Bulldog Plus Web Service Buffer Overflow
This module exploits a stack buffer overflow in Belkin Bulldog Plus 4.0.2 build 1219. When sending a specially crafted HTTP request, an attacker may be able to execute arbitrary code.
Apache Module mod_rewrite LDAP Protocol Buffer Overflow
This module exploits the mod_rewrite LDAP protocol scheme handling flaw discovered by Mark Dowd, which produces an off-by-one overflow. Apache versions 1.3.29-36, 2.0.47-58, and 2.2.1-2 are vulnerable. This module requires REWRITE_PATH to be set accurately. In addition, the target must have...
Microsoft SRV.SYS WriteAndX Invalid DataOffset
This module exploits a denial of service vulnerability in the SRV.SYS driver of the Windows operating system. This module has been tested successfully against Windows Vista.
Dogfood CRM spell.php Remote Command Execution
This module exploits a previously unpublished vulnerability in the Dogfood CRM mail function which is vulnerable to command injection in the spell check feature. Because of character restrictions, this exploit works best with the double-reverse telnet payload. This vulnerability was discovered by...
FlipViewer FViewerLoading ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in E-BOOK Systems FlipViewer 4.0. The vulnerability is caused by a boundary error in the FViewerLoading (FlipViewerX.dll) ActiveX control when handling the "LoadOpf" method.
EFS Easy Chat Server Authentication Request Handling Buffer Overflow
This module exploits a stack buffer overflow in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long authentication request, an attacker may be able to execute arbitrary code.
D-Link TFTP 1.0 Long Filename Buffer Overflow
This module exploits a stack buffer overflow in D-Link TFTP 1.0. By sending a request for an overly long file name, an attacker could overflow a buffer and execute arbitrary code. For best results, use bind payloads with nonx (No NX).
Streamcast HTTP User-Agent Buffer Overflow
This module exploits a stack buffer overflow in Streamcast. Credits: LSO (original exploit module) and aushack (added references and check code). The default target is Windows XP.
ContentKeeper Web Remote Command Execution
This module exploits the ContentKeeper Web Appliance. Versions prior to 125.10 are affected. This module exploits a combination of weaknesses to enable remote command execution as the Apache user. By setting SkipEscalation to false, this module will attempt to setuid the bash shell.
Oracle Secure Backup exec_qr() Command Injection Vulnerability
This module exploits a command injection vulnerability in Oracle Secure Backup version 10.1.0.3 to 10.2.0.2.
Oracle Secure Backup NDMP_CONNECT_CLIENT_AUTH Buffer Overflow
This module exploits a stack buffer overflow in Oracle Secure Backup. When sending a specially crafted NDMP_CONNECT_CLIENT_AUTH packet, an attacker may be able to execute arbitrary code.
MS09-002 Microsoft Internet Explorer 7 CFunctionPointer Uninitialized Memory Corruption
This module exploits an error related to the CFunctionPointer function when attempting to access uninitialized memory. A remote attacker could exploit this vulnerability to corrupt memory and execute arbitrary code on the system with the privileges of the victim.
Free Download Manager Remote Control Server Buffer Overflow
This module exploits a stack buffer overflow in Free Download Manager Remote Control 2.5 Build 758. When sending a specially crafted Authorization header, an attacker may be able to execute arbitrary code.
Wardialer
Scan for dial-up systems that are connected to modems and answer telephony indials.
CA BrightStor ARCserve License Service GCR NETWORK Buffer Overflow
This module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup 11.0. By sending a specially crafted request to the lic98rmtd.exe service, an attacker could overflow the buffer and execute arbitrary code.