Borland CaliberRM StarTeam Multicast Service Buffer Overflow
This module exploits a stack buffer overflow in Borland CaliberRM 2006. By sending a specially crafted GET request to the STMulticastService, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
Windows Command, Generic Command Execution
Executes the supplied command This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 8 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def initializeinfo =...
BigAnt Server 2.2 Buffer Overflow
This module exploits a stack buffer overflow in BigAnt Server 2.2. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
NTP Daemon readvar Buffer Overflow
This module exploits a stack based buffer overflow in the ntpd and xntpd service. By sending an overly long 'readvar' request it is possible to execute code remotely. As the stack is corrupted, this module uses the Egghunter technique. This module requires Metasploit:...
CA BrightStor ARCserve for Laptops and Desktops LGServer Buffer Overflow
This module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup for Laptops & Desktops 11.1. By sending a specially crafted request, an attacker could overflow the buffer and execute arbitrary code. This module requires Metasploit: https://metasploit.com/download...
Sasser Worm avserve FTP PORT Buffer Overflow
This module exploits the FTP server component of the Sasser worm. By sending an overly long PORT command the stack can be overwritten. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sasser Wor...
Solaris ypupdated Command Execution
This exploit targets a weakness in the way the ypupdated RPC application uses the command shell when handling a MAP UPDATE request. Extra commands may be launched through this command shell, which runs as root on the remote host, by passing commands in the format '|'. Vulnerable systems include...
CA iTechnology iGateway Debug Mode Buffer Overflow
This module exploits a vulnerability in the Computer Associates iTechnology iGateway component. When True is enabled in igateway.conf (non-default), it is possible to overwrite the stack and execute code remotely. This module works best with Ordinal payloads. This module requires Metasploit:...
Computer Associates Alert Notification Buffer Overflow
This module exploits a buffer overflow in Computer Associates Threat Manager for the Enterprise r8.1. By sending a specially crafted RPC request, an attacker could overflow the buffer and execute arbitrary code. In order to successfully exploit this vulnerability, you will need valid logon...
Tumbleweed FileTransfer vcst_eu.dll ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in the vcst_eu.dll FileTransfer Module 1.0.0.5 ActiveX control in the Tumbleweed SecureTransport suite. By sending an overly long string to the TransferFile 'remotefile' function, an attacker may be able to execute arbitrary code. This module requires...
GoodTech Telnet Server Buffer Overflow
This module exploits a stack buffer overflow in GoodTech Systems Telnet Server versions prior to 5.0.7. By sending an overly long string, an attacker can overwrite the buffer and control program execution. This module requires Metasploit: https://metasploit.com/download Current source:...
MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
This module exploits a stack buffer overflow in the Alt-N MDaemon IMAP Server version 9.6.4 by sending an overly long FETCH BODY command. Valid IMAP account credentials are required. Credit to Matteo Memelli This module requires Metasploit: https://metasploit.com/download Current source:...
Solaris sadmind Command Execution
This exploit targets a weakness in the default security settings of the sadmind RPC application. This server is installed and enabled by default on most versions of the Solaris operating system. Vulnerable systems include Solaris 2.7, 8, and 9. This module requires Metasploit:...
Windows Command Shell, Bind TCP (via Perl)
Listen for a connection and spawn a command shell via perl (persistent). This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 139 include Msf::Payload::Single include...
Windows Command, Double Reverse TCP Connection (via Perl)
Creates an interactive shell via perl This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 148 include Msf::Payload::Single include Msf::Sessions::CommandShellOptions def initializeinfo...
RealPlayer rmoc3260.dll ActiveX Control Heap Corruption
This module exploits a heap corruption vulnerability in the RealPlayer ActiveX control. By sending a specially crafted string to the 'Console' property in the rmoc3260.dll control, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download...
KarjaSoft Sami FTP Server v2.0.2 USER Overflow
This module exploits an unauthenticated stack buffer overflow in KarjaSoft Sami FTP Server version 2.0.2 by sending an overly long USER string during login. The payload is triggered when the administrator opens the application GUI. If the GUI window is open at the time of exploitation, the payloa...
ClamAV Milter Blackhole-Mode Remote Code Execution
This module exploits a flaw in the Clam AntiVirus suite 'clamav-milter' Sendmail mail filter. Versions prior to v0.92.2 are vulnerable. When implemented with black hole mode enabled, it is possible to execute commands remotely due to an insecure popen call. This module requires Metasploit:...
Linux Chmod
Runs chmod on specified file with specified mode This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Linux Chmodfile, mode Kris Katterjohn - 03/03/2008 module MetasploitModule CachedSize = 36 include Msf::Payload::Single...
phpBB viewtopic.php Arbitrary Code Execution
This module exploits two arbitrary PHP code execution flaws in the phpBB forum system. The problem is that the 'highlight' parameter in the 'viewtopic.php' script is not verified properly and will allow an attacker to inject arbitrary code via preg_replace. This vulnerability was introduced in...
PHP Command Shell, Reverse TCP (via PHP)
Reverse PHP connect back shell with checks for disabled functions This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include Msf::Payload::Single include Msf::Payload::Php...
Authentication Capture: FTP
This module provides a fake FTP service that is designed to capture authentication credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Authentication Capture: FTP', 'Description' = %q...
Authentication Capture: IMAP
This module provides a fake IMAP service that is designed to capture authentication credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Authentication Capture: IMAP', 'Description' = %...
Authentication Capture: POP3
This module provides a fake POP3 service that is designed to capture authentication credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Authentication Capture: POP3', 'Description' = %...
Novell iPrint Client ActiveX Control ExecuteRequest Buffer Overflow
This module exploits a stack buffer overflow in Novell iPrint Client 4.26. When sending an overly long string to the ExecuteRequest property of ienipp.ocx an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
Winamp Ultravox Streaming Metadata (in_mp3.dll) Buffer Overflow
This module exploits a stack buffer overflow in Winamp 5.24. By sending an overly long artist tag, a remote attacker may be able to execute arbitrary code. This vulnerability can be exploited from the browser or the Winamp client itself. This module requires Metasploit:...
Symantec BackupExec Calendar Control Buffer Overflow
This module exploits a stack buffer overflow in Symantec BackupExec Calendar Control. By sending an overly long string to the "DOWText0" property located in the pvcalendar.ocx control, an attacker may be able to execute arbitrary code. This module requires Metasploit:...
IBM Lotus Domino Web Access Upload Module Buffer Overflow
This module exploits a stack buffer overflow in IBM Lotus Domino Web Access Upload Module. By sending an overly long string to the "GeneralServerName" property located in the dwa7w.dll and the inotes6w.dll control, an attacker may be able to execute arbitrary code. This module requires Metasploit...
BadBlue 2.72b PassThru Buffer Overflow
This module exploits a stack buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HEAD', :pattern = /BadBlue//...
SAP SAPLPD 6.28 Buffer Overflow
This module exploits a stack buffer overflow in SAPlpd 6.28 (SAP Release 6.40). By sending an overly long argument, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework cla...
OS X Execute Command
Execute an arbitrary command This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exec ---- Executes an arbitrary command. module MetasploitModule CachedSize = 24 include Msf::Payload::Single include Msf::Payload::Bsd::X86...
Facebook Photo Uploader 4 ActiveX Control Buffer Overflow
This module exploits a stack buffer overflow in Facebook Photo Uploader 4. By sending an overly long string to the "ExtractIptc" property located in the ImageUploader4.ocx 4.5.57.0 Control, an attacker may be able to execute arbitrary code. This module requires Metasploit:...
WinComLPD Buffer Overflow
This module exploits a stack buffer overflow in WinComLPD 'WinComLPD Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in WinComLPD 'MC', 'License' = MSFLICENSE, 'References' = 'CVE', '2008-5159', 'OSVDB', '42861', 'BID', '27614', , 'DefaultOptions' = 'EXITFUNC' =...
XTACACSD report() Buffer Overflow
This module exploits a stack buffer overflow in XTACACSD 'XTACACSD report Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in XTACACSD 'MC', 'References' = 'CVE', '2008-7232', 'OSVDB', '58140', 'URL', 'http://aluigi.altervista.org/adv/xtacacsdz-adv.txt', , 'Payloa...
NetWare Command Shell, Reverse TCP Stager
Connect to the NetWare console (staged). Connect back to the attacker. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasm' module MetasploitModule CachedSize = 281 include Msf::Payload::Stager include...
Novell NetWare LSASS CIFS.NLM Driver Stack Buffer Overflow
This module exploits a stack buffer overflow in the NetWare CIFS.NLM driver. Since the driver runs in the kernel space, a failed exploit attempt can cause the OS to reboot. This module requires Metasploit: https://metasploit.com/download Current source:...
TrendMicro ServerProtect File Access
This module exploits a remote file access flaw in the ServerProtect Windows Server RPC service. Please see the action list or the help output for more information. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework clas...
SMB Session Pipe DCERPC Auditor
Determine what DCERPC services are accessible over a SMB pipe This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SMB Session Pipe DCERPC Auditor', 'Description' = 'Determine what DCERPC services a...
SAP MaxDB cons.exe Remote Command Injection
SAP MaxDB is prone to a remote command-injection vulnerability because the application fails to properly sanitize user-supplied input. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP MaxDB...
MS07-064 Microsoft DirectX DirectShow SAMI Buffer Overflow
This module exploits a stack buffer overflow in the DirectShow Synchronized Accessible Media Interchanged (SAMI) parser in quartz.dll. This module has only been tested with Windows Media Player 6.4.09.1129 and DirectX 8.0. This module requires Metasploit: https://metasploit.com/download Current...
Webmin File Disclosure
A vulnerability has been reported in Webmin and Usermin, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an unspecified error within the handling of a URL. This can be exploited to read the contents of any files on the...
Macrovision InstallShield Update Service Buffer Overflow
This module exploits a stack buffer overflow in Macrovision InstallShield Update Service (Isusweb.dll 6.0.100.54472). By passing an overly long ProductCode string to the DownloadAndExecute method, an attacker may be able to execute arbitrary code. This module requires Metasploit:...
Berlios GPSD Format String Vulnerability
This module exploits a format string vulnerability in the Berlios GPSD server. This vulnerability was discovered by Kevin Finisterre. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Berlios GPS...
Apple OS X Software Update Command Execution
This module exploits a feature in the Distribution Packages, which are used in the Apple Software Update mechanism. This feature allows for arbitrary command execution through JavaScript. This exploit provides the malicious update server. Requests must be redirected to this server by other means...
Appian Enterprise Business Suite 5.6 SP1 DoS
This module exploits a denial of service flaw in the Appian Enterprise Business Suite service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Appian Enterprise Business Suite 5.6 SP1 DoS',...
MS07-065 Microsoft Message Queueing Service DNS Name Path Overflow
This module exploits a stack buffer overflow in the RPC interface to the Microsoft Message Queueing service. This exploit requires the target system to have been configured with a DNS name and for that name to be supplied in the 'DNAME' option. This name does not need to be served by a valid DNS...
RealPlayer ierpplug.dll ActiveX Control Playlist Name Buffer Overflow
This module exploits a stack buffer overflow in RealOne Player V2 Gold Build 6.0.11.853 and RealPlayer 10.5 Build 6.0.12.1483. By sending an overly long string to the "Import" method, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/downlo...
Mail.app Image Attachment Command Execution
This module exploits a command execution vulnerability in the Mail.app application shipped with Mac OS X 10.5.0. This flaw was patched in 10.4 in March of 2007, but reintroduced into the final release of 10.5. This module requires Metasploit: https://metasploit.com/download Current source:...
Apple QuickTime 7.3 RTSP Response Header Buffer Overflow
This module exploits a stack buffer overflow in Apple QuickTime 7.3. By sending an overly long RTSP response to a client, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
Mercury Mail SMTP AUTH CRAM-MD5 Buffer Overflow
This module exploits a stack buffer overflow in Mercury Mail Transport System 4.51. By sending a specially crafted argument to the AUTH CRAM-MD5 command, an attacker may be able to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...