6841 matches found
FTP Bounce Port Scanner
Enumerate TCP services via the FTP bounce PORT/LIST method. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework
Wireshark chunked_encoding_dissector Function DOS
Wireshark crash when dissecting an HTTP chunked response. Versions affected: 0.99.5 (Bug 1394).
TikiWiki Information Disclosure
A vulnerability has been reported in Tikiwiki, which can be exploited by an anonymous user to dump the MySQL user & passwd just by creating a mysql error with the "sort_mode" var. The vulnerability was reported in Tikiwiki version 1.9.5.
Tomcat Administration Tool Default Access
Detect the Tomcat administration interface. The administration interface is included in versions 5.5 and lower. Port 8180 is the default for FreeBSD, 8080 for all others.
Symantec AppStream LaunchObj ActiveX Control Arbitrary File Download and Execute
This module exploits a vulnerability in Symantec AppStream Client 5.x. The vulnerability is in the LaunchObj ActiveX control (launcher.dll 5.1.0.82) containing the "installAppMgr" method. The insecure method can be exploited to download and execute arbitrary files in the context of the currently...
Oracle MySQL for Microsoft Windows Payload Execution
This module creates and enables a custom UDF (user defined function) on the target host via the SELECT ... into DUMPFILE method of binary injection. On default Microsoft Windows installations of MySQL (=< 5.5.9), directory write permissions not enforced, and the MySQL service runs as LocalSystem. NOTE...
AWStats migrate Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the AWStats CGI script. AWStats v6.4 and v6.5 are vulnerable. Perl based payloads are recommended with this module. The vulnerability is only present when AllowToUpdateStatsFromBrowser is enabled in the AWStats configuration fil...
Unix TTY, Interact with Established Connection
Interacts with a TTY on an established socket connection.
TTY Nop Generator
Generates harmless padding for TTY input.
Microsoft SQL Server Generic Query
This module will allow for simple SQL statements to be executed against a MSSQL/MSDE instance given the appropriate credentials.
Microsoft SQL Server Command Execution
This module will execute a Windows command on a MSSQL/MSDE instance via the xp_cmdshell (default) or the sp_oacreate procedure (more opsec safe, no output, no temporary data table). A valid username and password is required to use this module.
FileZilla FTP Server Admin Interface Denial of Service
This module triggers a Denial of Service condition in the FileZilla FTP Server Administration Interface in versions 0.9.4d and earlier. By sending a procession of excessively long USER commands to the FTP Server, the Administration Interface (FileZilla Server Interface.exe) when running, will...
Norton AntiSpam 2004 SymSpamHelper ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in Norton AntiSpam 2004. When sending an overly long string to the LaunchCustomRuleWizard method of symspam.dll (2004.1.0.147) an attacker may be able to execute arbitrary code.
PacketTrap TFTP Server 2.2.5459.0 DoS
The PacketTrap TFTP server version 2.2.5459.0 can be brought down by sending a special write request.
Titan FTP Server 6.26.630 SITE WHO DoS
The Titan FTP server v6.26 build 630 can be DoS'd by issuing "SITE WHO". You need a valid login so you can send this command.
XM Easy Personal FTP Server 5.6.0 NLST DoS
This module is a port of shinnai's script. You need a valid login, but even anonymous can do it as long as it has permission to call NLST.
Victory FTP Server 5.0 LIST DoS
The Victory FTP Server v5.0 can be brought down by sending a very simple LIST command.
FileZilla FTP Server Malformed PORT Denial of Service
This module triggers a Denial of Service condition in the FileZilla FTP Server versions 0.9.21 and earlier. By sending a malformed PORT command then LIST command, the server attempts to write to a NULL pointer.
Guild FTPd 0.999.8.11/0.999.14 Heap Corruption
Guild FTPd 0.999.8.11 and 0.999.14 are vulnerable to heap corruption. You need to have a valid login so you can run CWD and LIST.
URSoft W32Dasm Disassembler Function Buffer Overflow
This module exploits a buffer overflow in W32Dasm. Author: aushack. References: CVE-2005-0308, OSVDB 13169, BID 12352, ...
TrendMicro OfficeScanNT Listener Traversal Arbitrary File Access
This module tests for directory traversal vulnerability in the UpdateAgent function in the OfficeScanNT Listener (TmListen.exe) service in Trend Micro OfficeScan. This allows remote attackers to read arbitrary files as SYSTEM via dot dot sequences in an HTTP request.
Microsoft Works 7 WkImgSrv.dll WKsPictureInterface() ActiveX Code Execution
The Microsoft Works ActiveX control WkImgSrv.dll could allow a remote attacker to execute arbitrary code on a system. By passing a negative integer to the WksPictureInterface method, an attacker could execute arbitrary code on the system with privileges of the victim. Change 168430090 /0X0A0A0A0A...
DjVu DjVu_ActiveX_MSOffice.dll ActiveX ComponentBuffer Overflow
This module exploits a stack buffer overflow in DjVu ActiveX Component. When sending an overly long string to the ImageURL property of DjVu_ActiveX_MSOffice.dll (3.0) an attacker may be able to execute arbitrary code. This control is not marked safe for scripting, so choose your attack vector...
SasCam Webcam Server v.2.6.5 Get() Method Buffer Overflow
The SasCam Webcam Server ActiveX control is vulnerable to a buffer overflow. By passing an overly long argument via the Get method, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the user. This control is not marked safe for scripting,...
VeryPDF PDFView OCX ActiveX OpenPDF Heap Overflow
The VeryPDF PDFView ActiveX control is prone to a heap buffer-overflow because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected...
CA BrightStor ARCserve Backup AddColumn() ActiveX Buffer Overflow
The CA BrightStor ARCserve Backup ActiveX control (ListCtrl.ocx) is vulnerable to a stack-based buffer overflow. By passing an overly long argument to the AddColumn method, a remote attacker could overflow a buffer and execute arbitrary code on the system.
Linux Command Shell, Bind TCP Inline (IPv6)
Listen for a connection over IPv6 and spawn a command shell.
Realtek Media Player Playlist Buffer Overflow
This module exploits a stack buffer overflow in Realtek Media Player (RtlRack) A4.06. When a Realtek Media Player client opens a specially crafted playlist, an attacker may be able to execute arbitrary code.
MS04-007 Microsoft ASN.1 Library Bitstring Heap Overflow
This is an exploit for a previously undisclosed vulnerability in the bit string decoding code in the Microsoft ASN.1 library. This vulnerability is not related to the bit string vulnerability described in eEye advisory AD20040210-2. Both vulnerabilities were fixed in the MS04-007 patch. Windows...
Adobe util.printf() Buffer Overflow
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional. Author: MC, Didier Stevens. References: CVE...
ACDSee XPM File Section Buffer Overflow
This module exploits a buffer overflow in ACDSee 9.0. When viewing a malicious XPM file with the ACDSee product, a remote attacker could overflow a buffer and execute arbitrary code.
Adobe util.printf() Buffer Overflow
This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional. Author: MC, Didier Stevens. References: CVE...
VideoLAN VLC TiVo Buffer Overflow
This module exploits a buffer overflow in VideoLAN VLC 0.9.4. By creating a malicious TY file, a remote attacker could overflow a buffer and execute arbitrary code.
Windows Command Shell, Reverse TCP (via Ruby)
Connect back and create a command shell via Ruby.
Unix Command Shell, Bind TCP (via Ruby)
Continually listen for a connection and spawn a command shell via Ruby.
Windows Command Shell, Bind TCP (via Ruby)
Continually listen for a connection and spawn a command shell via Ruby.
Unix Command Shell, Reverse TCP (via Ruby)
Connect back and create a command shell via Ruby.
Linux Command Shell, Reverse TCP Stager (IPv6)
Spawn a command shell (staged). Connect back to attacker over IPv6.
Linux Command Shell, Bind IPv6 TCP Stager (Linux x86)
Spawn a command shell (staged). Listen for an IPv6 connection (Linux x86).
Linux Mettle x86, Bind IPv6 TCP Stager (Linux x86)
Inject the mettle server payload (staged). Listen for an IPv6 connection (Linux x86).
Linux Mettle x86, Reverse TCP Stager (IPv6)
Inject the mettle server payload (staged). Connect back to attacker over IPv6.
Pi3Web ISAPI DoS
The Pi3Web HTTP server crashes when a request is made for an invalid DLL file in /isapi for versions 2.0.13 and earlier. By default, the non-DLLs in this directory after installation are users.txt, install.daf and readme.daf.
X11 No-Auth Scanner
This module scans for X11 servers that allow anyone to connect without authentication.
IBM Lotus Domino Sametime STMux.exe Stack Buffer Overflow
This module exploits a stack buffer overflow in Lotus Domino's Sametime Server. By sending an overly long POST request to the Multiplexer (STMux.exe) service we are able to overwrite SEH. Based on the exploit by Manuel Santamarina Suarez.
VERITAS NetBackup Remote Command Execution
This module allows arbitrary command execution on an ephemeral port opened by Veritas NetBackup, whilst an administrator is authenticated. The port is opened and allows direct console access as root or SYSTEM from any source address.
HP OpenView OmniBack II Command Execution
This module uses a vulnerability in the OpenView Omniback II service to execute arbitrary commands. This vulnerability was discovered by DiGiT and his code was used as the basis for this module. For Microsoft Windows targets, due to module limitations, use the "unix/cmd/generic" payload and set C...
AIX Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell.
AIX Command Shell, Bind TCP Inline
Listen for a connection and spawn a command shell.
AIX Command Shell, Find Port Inline
Spawn a shell on an established connection.
Linux Command Shell, Reverse TCP Inline
Connect back to attacker and spawn a command shell.