50738 matches found
Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apple OSX/iOS/Windows Safari Non-HTTPOnly Cookie Theft', 'Description' = %q A vulnerability exists in versions of OSX, iOS, and Windows Safari...
Citrix MetaFrame ICA Published Applications Bruteforcer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix MetaFrame ICA Published Applications Bruteforcer', 'Description' = %q This module attempts to brute force program names within the Citrix...
Wireshark CAPWAP Dissector Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wireshark CAPWAP Dissector DoS', 'Description' = %q This module injects a malformed UDP packet to crash Wireshark and TShark 1.8.0 to 1.8.7, as...
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service', 'Description' = %q This module sends a specially crafted pack...
Adobe ColdFusion Unauthenticated Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe ColdFusion Unauthenticated Arbitrary File Read', 'Description' = %q This module exploits a remote unauthenticated deserialization of...
3Com SuperStack Switch Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule '3Com SuperStack Switch Denial of Service', 'Description' = %q This module causes a temporary denial of service condition against 3Com SuperStack...
Rancher Authenticated API Credential Exposure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rancher Authenticated API Credential Exposure', 'Description' = %q An issue was discovered in Rancher versions up to and including 2.5.15 and 2.6...
Jenkins Domain Credential Recovery
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'json' class MetasploitModule 'Jenkins Domain Credential Recovery', 'Description' = %q This module will collect Jenkins domain credentials, and uses the script...
Android Stock Browser Iframe Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Android Stock Browser Iframe DOS", 'Description' = %q This module exploits a vulnerability in the native browser that comes with Android 4.0.3. I...
NetBIOS Name Service Spoofer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NetBIOS Name Service Spoofer', 'Description' = %q This module forges NetBIOS Name Service NBNS responses. It will listen for NBNS requests sent t...
SAMR Computer Management
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rubysmb/dcerpc/client' class MetasploitModule 'SAMR Computer Management', 'Description' = %q Add, lookup and delete computer / machine accounts via MS-SAMR. By...
Microsoft RRAS InterfaceAdjustVLSPointers NULL Dereference
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft RRAS InterfaceAdjustVLSPointers NULL Dereference', 'Description' = %q This module triggers a NULL dereference in svchost.exe on all...
D-Link Central WiFiManager SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'csv' require 'digest' class MetasploitModule 'D-Link Central WiFiManager SQL injection', 'Description' = %q This module exploits a SQLi vulnerability found in...
MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service', 'Description' = %q This module will check if scanned hosts are vulnerable to...
F5 BIG-IP Backend Cookie Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP Backend Cookie Disclosure', 'Description' = %q This module identifies F5 BIG-IP load balancers and leaks backend information pool name,...
IBM Lotus Sametime Version Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'uri' class MetasploitModule Release .+?/i , 'api', 'meeting', /^meeting=.$/i , 'api', 'appshare', /^appshare=.$/i , 'api', 'docshare', /^docshare=.$/i , 'api',...
Android Content Provider File Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Content Provider File Disclosure', 'Description' = %q This module exploits a cross-domain issue within the Android web browser to...
XM Easy Personal FTP Server 5.6.0 NLST Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'XM Easy Personal FTP Server 5.6.0 NLST DoS', 'Description' = %q This module is a port of shinnai's script. You need a valid login, but even...
Android Browser File Theft
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Android Browser File Theft', 'Description' = %q This module steals the cookie, password, and autofill databases from the Browser application on...
Chromecast Factory Reset Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chromecast Factory Reset DoS', 'Description' = %q This module performs a factory reset on a Chromecast, causing a denial of service DoS. No user...
Microsoft SQL Server NTLM Stealer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server NTLM Stealer', 'Description' = %q This module can be used to help capture or relay the LM/NTLM credentials of the account...
GNU Wget FTP Symlink Arbitrary Filesystem Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GNU Wget FTP Symlink Arbitrary Filesystem Access', 'Description' = %q This module exploits a vulnerability in Wget when used in recursive -r mode...
URGENT/11 Scanner, Based On Detection Tool By Armis
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'URGENT/11 Scanner, Based on Detection Tool by Armis', 'Description' = %q This module detects VxWorks and the IPnet IP stack, along with devices...
Webmin File Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin File Disclosure', 'Description' = %q A vulnerability has been reported in Webmin and Usermin, which can be exploited by malicious people t...
ZyXEL GS1510-16 Password Extractor
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZyXEL GS1510-16 Password Extractor', 'Description' = %q This module exploits a vulnerability in ZyXEL GS1510-16 routers to extract the admin...
MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MS10-065 Microsoft IIS 5 NTFS Stream Authentication Bypass', 'Description' = %q This module bypasses basic authentication for Internet Informatio...
ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure', 'Description' = %q ManageEngine...
Apple TV Image Remote Control
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apple TV Image Remote Control', 'Description' = %q This module will show an image on an AppleTV device for a period of time. Some AppleTV devices...
HP Data Protector Manager RDS Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Data Protector Manager RDS DOS', 'Description' = %q This module causes a remote DOS on HP Data Protector's RDS service. By sending a malformed...
ManageEngine ADAudit Plus Xnode Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine ADAudit Plus Xnode Enumeration', 'Description' = %q This module exploits default admin credentials for the DataEngine Xnode server i...
RPC Denial of Service targeting *nix rpcbind/libtirpc
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'RPC DoS targeting nix rpcbind/libtirpc', 'Description' = %q This module exploits a vulnerability in certain versions of rpcbind, LIBTIRPC, and...
BADPDF Malicious PDF Creator
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BADPDF Malicious PDF Creator', 'Description' = ' This module can either creates a blank PDF file which contains a UNC link which can be used to...
SAP Internet Graphics Server (IGS) XMLCHART XXE
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Internet Graphics Server IGS XMLCHART XXE', 'Description' = %q This module exploits CVE-2018-2392 and CVE-2018-2393, two XXE vulnerabilities...
Nuuo Central Management Server User Session Token Bruteforce
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'benchmark' class MetasploitModule 'Nuuo Central Management Server User Session Token Bruteforce', 'Description' = %q Nuuo Central Management Server below versio...
Nuuo Central Management Server Authenticated Arbitrary File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nuuo Central Management Server Authenticated Arbitrary File Download', 'Description' = %q The Nuuo Central Management Server allows an...
Satel Iberia SenNet Data Logger And Electricity Meters Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Satel Iberia SenNet Data Logger and Electricity Meters Command Injection Vulnerability', 'Description' = %q This module exploits an OS Command...
Microsoft SQL Server SQL Injection Escalate Db_Owner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server SQLi Escalate DbOwner', 'Description' = %q This module can be used to escalate SQL Server user privileges to sysadmin throug...
Veritas Backup Exec Server Registry Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Veritas Backup Exec Server Registry Access', 'Description' = %q This modules exploits a remote registry access flaw in the BackupExec Windows...
Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Piwigo CVE-2023-26876 Gather Credentials via SQL Injection ', 'Description' = %q This module allows an authenticated user to retrieve the usernam...
HP Intelligent Management SOM Account Creation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Intelligent Management SOM Account Creation', 'Description' = %q This module exploits a lack of authentication and access control in HP...
Canon Wireless Printer Denial Of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Canon Wireless Printer Denial Of Service', 'Description' = %q The HTTP management interface on several models of Canon Wireless printers allows f...
Regsvr32.exe (.sct) Command Delivery Server
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Regsvr32.exe .sct Command Delivery Server', 'Description' = %q This module uses the Regsvr32.exe Application Whitelisting Bypass technique as a w...
Oracle DB 10gR2, 11gR1/R2 DBMS_JVM_EXP_PERMS OS Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB 10gR2, 11gR1/R2 DBMSJVMEXPPERMS OS Command Execution', 'Description' = %q This module exploits a flaw 0 day in DBMSJVMEXPPERMS package...
Oracle DB SQL Injection Via SYS.DBMS_CDC_PUBLISH.ALTER_AUTOLOG_CHANGE_SOURCE
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection via SYS.DBMSCDCPUBLISH.ALTERAUTOLOGCHANGESOURCE', 'Description' = %q The module exploits an sql injection flaw in the...
Schneider Modicon Remote START/STOP Command
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Schneider Modicon Remote START/STOP Command', 'Description' = %q The Schneider Modicon with Unity series of PLCs use Modbus function code 90 0x5a...
SolarWinds TFTP Server 10.4.0.10 Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SolarWinds TFTP Server 10.4.0.10 Denial of Service' , 'Description' = %q The SolarWinds TFTP server can be shut down by sending a 'netascii' read...
Jenkins cli Ampersand Replacement Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins cli Ampersand Replacement Arbitrary File Read', 'Description' = %q This module utilizes the Jenkins cli protocol to run the help command...
SonicWALL SSL-VPN Format String
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SonicWALL SSL-VPN Format String Vulnerability', 'Description' = %q There is a format string vulnerability within the SonicWALL SSL-VPN Appliance ...
Typo3 Sa-2009-002 File Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Typo3 sa-2009-002 File Disclosure', 'Description' = %q This module exploits a file disclosure vulnerability in the jumpUrl mechanism of Typo3. Th...
D-Link DSL 320B Password Extractor
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link DSL 320B Password Extractor', 'Description' = %q This module exploits an authentication bypass vulnerability in D-Link DSL 320B 'EDB',...