50738 matches found
MS15-134 Microsoft Windows Media Center MCL Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'cgi' class MetasploitModule 'MS15-134 Microsoft Windows Media Center MCL Information Disclosure', 'Description' = %q This module exploits a vulnerability found ...
VMWare Update Manager 4 Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "VMWare Update Manager 4 Directory Traversal", 'Description' = %q This modules exploits a directory traversal vulnerability in VMWare Update Manag...
IBM Data Risk Manager Arbitrary File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM Data Risk Manager Arbitrary File Download', 'Description' = %q IBM Data Risk Manager IDRM contains two vulnerabilities that can be chained by...
SuiteCRM Authenticated SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM authenticated SQL injection in export functionality', 'Description' = %q This module exploits an authenticated SQL injection in SuiteCRM...
OpenSSL DTLS Fragment Buffer Overflow / Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSSL DTLS Fragment Buffer Overflow DoS', 'Description' = %q This module performs a Denial of Service Attack against Datagram TLS in OpenSSL...
Microsoft Word UNC Path Injector
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Gems for extracting files require 'zip' Project for creating files require 'rex/zip' class MetasploitModule 'Microsoft Word UNC Path Injector', 'Description' = %q This...
Oracle DB SQL Injection Via SYS.LT.REMOVEWORKSPACE
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.LT.REMOVEWORKSPACE', 'Description' = %q This module exploits a sql injection flaw in the REMOVEWORKSPACE procedur...
HTTP Client LAN IP Address Gather
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Client LAN IP Address Gather', 'Description' = %q This module retrieves a browser's network interface IP addresses using WebRTC. , 'License'...
MinIO Bootstrap Verify Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MinIO Bootstrap Verify Information Disclosure', 'Description' = %q MinIO is a Multi-Cloud Object Storage framework. In a cluster deployment...
Oracle Account Discovery
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'csv' class MetasploitModule 'Oracle Account Discovery', 'Description' = %q This module uses a list of well known default authentication credentials to discover...
Microsoft SQL Server Escalate Db_Owner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server Escalate DbOwner', 'Description' = %q This module can be used to escalate privileges to sysadmin if the user has the dbowner...
Solaris LPD Arbitrary File Delete
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Solaris LPD Arbitrary File Delete', 'Description' = %q This module uses a vulnerability in the Solaris line printer daemon to delete arbitrary...
IBM Notes encodeURI Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "IBM Notes encodeURI DOS", 'Description' = %q This module exploits a vulnerability in the native browser that comes with IBM Lotus Notes. If...
Gather Kademlia Server Information
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gather Kademlia Server Information', 'Description' = %q This module uses the Kademlia BOOTSTRAP and PING messages to identify and extract...
Oracle DB SQL Injection Via SYS.DBMS_CDC_SUBSCRIBE.ACTIVATE_SUBSCRIPTION
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.DBMSCDCSUBSCRIBE.ACTIVATESUBSCRIPTION', 'Description' = %q This module will escalate an Oracle DB user to DBA by...
Allen-Bradley's Legacy Protocol (PCCC) Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "DoS Exploitation of Allen-Bradley's Legacy Protocol PCCC", 'Description' = %q A remote, unauthenticated attacker could send a single, specially...
F5 BigIP Access Policy Manager Session Exhaustion Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BigIP Access Policy Manager Session Exhaustion Denial of Service', 'Description' = %q This module exploits a resource exhaustion denial of...
Gather Steam Server Information
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gather Steam Server Information', 'Description' = %q This module uses the A2SINFO request to obtain information from a Steam server. , 'Author' =...
Netlogon Weak Cryptographic Authentication
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'windowserror' class MetasploitModule 'Netlogon Weak Cryptographic Authentication', 'Description' = %q A vulnerability exists within the Netlogon authentication...
ManageEngine Multiple Products Arbitrary File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Multiple Products Arbitrary File Download', 'Description' = %q This module exploits an arbitrary file download vulnerability in the...
2Wire Cross-Site Request Forgery Password Reset
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "2Wire Cross-Site Request Forgery Password Reset Vulnerability", 'Description' = %q This module will reset the admin password on a 2Wire wireless...
Oracle DB SQL Injection In MDSYS.SDO_TOPO_DROP_FTBL Trigger
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection in MDSYS.SDOTOPODROPFTBL Trigger', 'Description' = %q This module will escalate an Oracle DB user to MDSYS by exploiting ...
Cisco VPN Concentrator 3000 FTP Unauthorized Administrative Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco VPN Concentrator 3000 FTP Unauthorized Administrative Access', 'Description' = %q This module tests for a logic vulnerability in the Cisco...
Dopewars Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dopewars Denial of Service', 'Description' = %q The jet command in Dopewars 1.5.12 is vulnerable to a segmentation fault due to a lack of input...
Microsoft SRV2.SYS SMB2 Logoff Remote Kernel NULL Pointer Dereference
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SRV2.SYS SMB2 Logoff Remote Kernel NULL Pointer Dereference', 'Description' = %q This module triggers a NULL pointer dereference in the...
NTP Mode 6 UNSETTRAP DRDoS Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP Mode 6 UNSETTRAP DRDoS Scanner', 'Description' = %q This module identifies NTP servers which permit mode 6 UNSETTRAP requests that can be use...
Internet Explorer Iframe Sandbox File Name Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Internet Explorer Iframe Sandbox File Name Disclosure Vulnerability', 'Description' = %q It was found that Internet Explorer allows the disclosur...
Oracle DB SQL Injection Via SYS.DBMS_CDC_PUBLISH.CREATE_CHANGE_SET
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.DBMSCDCPUBLISH.CREATECHANGESET', 'Description' = %q The module exploits an sql injection flaw in the...
Microsoft SRV.SYS WriteAndX Invalid DataOffset
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SRV.SYS WriteAndX Invalid DataOffset', 'Description' = %q This module exploits a denial of service vulnerability in the SRV.SYS driver ...
WebNMS Framework Server Credential Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebNMS Framework Server Credential Disclosure', 'Description' = %q This module abuses two vulnerabilities in WebNMS Framework Server 5.2 to extra...
Brocade Password Hash Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Brocade Password Hash Enumeration', 'Description' = %q This module extracts password hashes from certain Brocade load balancer devices. ,...
TYPO3 Sa-2010-020 Remote File Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TYPO3 sa-2010-020 Remote File Disclosure', 'Description' = %q This module exploits a flaw in the way the TYPO3 jumpurl feature matches hashes. Du...
Ruby On Rails File Content Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Ruby On Rails File Content Disclosure 'doubletap'", 'Description' = %q This module uses a path traversal vulnerability in Ruby on Rails versions ...
Veritas Backup Exec Windows Remote File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Veritas Backup Exec Windows Remote File Access', 'Description' = %q This module abuses a logic flaw in the Backup Exec Windows Agent to download...
Juniper JunOS Malformed TCP Option
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Juniper JunOS Malformed TCP Option', 'Description' = %q This module exploits a denial of service vulnerability in Juniper Network's JunOS router...
WordPress Google Maps Plugin SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Google Maps Plugin SQL Injection', 'Description' = %q This module exploits a SQL injection vulnerability in a REST endpoint registered ...
Cambium EPMP 1000 SNMP Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cambium ePMP 1000 SNMP Enumeration', 'Description' = % Cambium devices ePMP, PMP, Force, & others can be administered using SNMP. The device...
Chargen Probe Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chargen Probe Utility', 'Description' = %q Chargen is a debugging and measurement tool and a character generator service. A character generator...
WordPress Symposium Plugin SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Symposium Plugin SQL Injection', 'Description' = %q This module exploits a SQL injection vulnerability in the WP Symposium plugin befor...
Victory FTP Server 5.0 LIST Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Victory FTP Server 5.0 LIST DoS', 'Description' = %q The Victory FTP Server v5.0 can be brought down by sending a very simple LIST command ,...
Intersil (Boa) HTTPd Basic Authentication Password Reset
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Intersil Boa HTTPd Basic Authentication Password Reset', 'Description' = %q The Intersil extension in the Boa HTTP Server 0.93.x - 0.94.11 allows...
DarkComet Server Remote File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DarkComet Server Remote File Download Exploit', 'Description' = %q This module exploits an arbitrary file download vulnerability in the DarkComet...
MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection", 'Description' = %q This module exploits a universal cross-site...
ManageEngine DataSecurity Plus Xnode Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine DataSecurity Plus Xnode Enumeration', 'Description' = %q This module exploits default admin credentials for the DataEngine Xnode...
Oracle DB SQL Injection Via SYS.LT.FINDRICSET Evil Cursor Method
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.LT.FINDRICSET Evil Cursor Method', 'Description' = %q This module will escalate an Oracle DB user to DBA by...
HP Operations Manager Perfd Environment Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Operations Manager Perfd Environment Scanner', 'Description' = %q This module will enumerate the process list of a remote machine by abusing H...
Cisco IOS HTTP GET /%% Request Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOS HTTP GET /%% Request Denial of Service', 'Description' = %q This module triggers a Denial of Service condition in the Cisco IOS HTTP...
Allegro Software RomPager Misfortune Cookie (CVE-2014-9222) Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Allegro Software RomPager 'Misfortune Cookie' CVE-2014-9222 Authentication Bypass", 'Description' = %q This module exploits HTTP servers that...
WordPress Long Password Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Long Password DoS', 'Description' = %qWordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remot...
MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution', 'Description' = %q This module will exploit SMB wit...