50738 matches found
HP LaserJet Printer SNMP Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP LaserJet Printer SNMP Enumeration', 'Description' = %q This module allows enumeration of files previously printed. It provides details as...
Xerox Administrator Console Password Extractor
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xerox Administrator Console Password Extractor', 'Description' = %q This module will extract the management console's admin password from the Xer...
Firefox PDF.js Browser File Theft
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Firefox PDF.js Browser File Theft', 'Description' = %q This module abuses an XSS vulnerability in versions prior to Firefox 39.0.3, Firefox ESR...
Pi-Hole Top Domains API Authenticated Exec
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pi-Hole Top Domains API Authenticated Exec', 'Description' = %q This exploits a command execution in Pi-Hole Web Interface API/Web inetrace page...
OpenNMS Authenticated XXE
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'OpenNMS Authenticated XXE', 'Description' = %q OpenNMS is vulnerable to XML External Entity Injection in the Real-Time Console...
Microsoft Windows NAT Helper Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows NAT Helper Denial of Service', 'Description' = %q This module exploits a denial of service vulnerability within the Internet...
Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Grandstream UCM62xx IP PBX WebSocket Blind SQL Injection Credential Dump', 'Description' = %q This module uses a blind SQL injection CVE-2020-572...
WordPress WP EasyCart Plugin Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress WP EasyCart Plugin Privilege Escalation', 'Description' = %q The WordPress WP EasyCart plugin from version 1.1.30 to 3.0.20 allows...
Native DNS Spoofer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Native DNS Spoofer Example', 'Description' = %q This module provides a Rex based DNS service to resolve queries intercepted via the capture mixin...
Wordpress BookingPress bookingpress_front_get_category_services SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress BookingPress bookingpressfrontgetcategoryservices SQLi', 'Description' = %q The BookingPress WordPress plugin before 1.0.11 fails to...
Varnish Cache CLI Login Utility
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/varnish' require 'metasploit/framework/tcp/client' class MetasploitModule...
NFR Agent Heap Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NFR Agent Heap Overflow Vulnerability', 'Description' = %q This module exploits a heap overflow in NFRAgent.exe, a component of Novell File...
Apache Tomcat AJP File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'Apache Tomcat AJP File Read', 'Description' = %q When using the Apache JServ Protocol AJP, care must be taken when...
Cisco IOX XE Unauthenticated OS Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco IOX XE unauthenticated OS command execution', 'Description' = %q This module leverages both CVE-2023-20198 and CVE-2023-20273 against...
NetBIOS Response BadTunnel Brute Force Spoof (NAT Tunnel)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NetBIOS Response "BadTunnel" Brute Force Spoof NAT Tunnel', 'Description' = %q This module listens for a NetBIOS name request and then continuous...
OpenSSL Server-Side ChangeCipherSpec Injection Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Msf::Auxiliary include Msf::Exploit::Remote::Tcp include Msf::Auxiliary::Scanner include Msf::Auxiliary::Report CIPHERSUITES = 0xc014,...
SSL Labs API Client
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'activesupport/inflector' require 'json' require 'activesupport/coreext/hash' class MetasploitModule uri, 'agent' = useragent, 'method' = 'GET', 'varsget' = para...
OpenSSL TLS 1.1 and 1.2 AES-NI Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework auxiliary/dos/ssl/opensslaesni class MetasploitModule 'OpenSSL TLS 1.1 and 1.2 AES-NI DoS', 'Description' = %q The AES-NI implementation of OpenSSL 1.0.1c does not...
AlienVault Authenticated SQL Injection Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AlienVault Authenticated SQL Injection Arbitrary File Read", 'Description' = %q AlienVault 4.6.1 and below is susceptible to an authenticated SQL...
Joomla com_contenthistory Error-Based SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Joomla comcontenthistory Error-Based SQL Injection', 'Description' = %q This module exploits a SQL injection vulnerability in Joomla versions 3.2...
PostgreSQL Database Name Command Line Flag Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PostgreSQL Database Name Command Line Flag Injection', 'Description' = %q This module can identify PostgreSQL 9.0, 9.1, and 9.2 servers that are...
Openbravo ERP XXE Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/dns' require 'rexml/document' class MetasploitModule 'Openbravo ERP XXE Arbitrary File Read', 'Description' = %q The Openbravo ERP XML API expands external...
Oracle Secure Backup Authentication Bypass / Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Secure Backup Authentication Bypass/Command Injection Vulnerability', 'Description' = %q This module exploits an authentication bypass...
Control ID IDSecure Authentication Bypass
class MetasploitModule 'Control iD iDSecure Authentication Bypass CVE-2023-6329', 'Description' = %q This module exploits an improper access control vulnerability CVE-2023-6329 in Control iD iDSecure 'Michael Heinzl', MSF Module 'Tenable' Discovery and PoC , 'References' = 'CVE', '2023-6329',...
Varnish Cache CLI File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/tcp/client' require 'metasploit/framework/varnish/client' class MetasploitModule 'Varnish Cache CLI File Read', 'Description' = 'This modul...
Apple Airport Extreme Password Extraction (WDBRPC)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apple Airport Extreme Password Extraction WDBRPC', 'Description' = %q This module can be used to read the stored password of a vulnerable Apple...
ColdFusion password.properties Hash Extraction
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ColdFusion 'password.properties' Hash Extraction", 'Description' = %q This module uses a directory traversal vulnerability to extract information...
Apache Rave User Information Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Rave User Information Disclosure', 'Description' = %q This module exploits an information disclosure in Apache Rave 0.20 and prior. The...
Hashtable Collisions
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hashtable Collisions', 'Description' = %q This module uses a denial-of-service DoS condition appearing in a variety of programming languages. Thi...
Cisco RV320/RV326 Configuration Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco RV320/RV326 Configuration Disclosure', 'Description' = %q A vulnerability in the web-based management interface of Cisco Small Business RV3...
Check Point Security Gateway Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Check Point Security Gateway Arbitrary File Read', 'Description' = %q This module leverages an unauthenticated arbitrary root file read...
NTP Monitor List Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP Monitor List Scanner', 'Description' = %q This module identifies NTP servers which permit "monlist" queries and obtains the recent clients...
Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows 7 / Server 2008 R2 SMB Client Infinite Loop', 'Description' = %q This module exploits a denial of service flaw in the Microsoft...
Dell OpenManage POST Request Heap Overflow (win32)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dell OpenManage POST Request Heap Overflow win32', 'Description' = %q This module exploits a heap overflow in the Dell OpenManage Web Server...
IpSwitch WhatsUp Gold TFTP Directory Traversal
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "IpSwitch WhatsUp Gold TFTP Directory Traversal", 'Description' = %q This modules exploits a directory traversal vulnerability in IpSwitch WhatsUp...
NTP.org ntpd Reserved Mode Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NTP.org ntpd Reserved Mode Denial of Service', 'Description' = %q This module exploits a denial of service vulnerability within the NTP network...
Viproy CUCDM IP Phone XML Services Call Forwarding Tool
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'Viproy CUCDM IP Phone XML Services - Call Forwarding Tool', 'Description' = %q The BVSMWeb portal in the web framework i...
Indusoft WebStudio NTWebServer Remote File Access
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Indusoft WebStudio NTWebServer Remote File Access', 'Description' = %q This module exploits a directory traversal vulnerability in Indusoft...
SysAid Help Desk Database Credentials Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'SysAid Help Desk Database Credentials Disclosure', 'Description' = %q This module exploits a vulnerability in SysAid Help Desk...
Apache Superset Signed Cookie Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Superset Signed Cookie Priv Esc', 'Description' = %q Apache Superset versions 'h00die', MSF module 'paradoxis', original flask-unsign tool...
Microsoft Windows Browser Pool Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows Browser Pool DoS', 'Description' = %q This module exploits a denial of service flaw in the Microsoft Windows SMB service on...
VSFTPD 2.3.2 Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VSFTPD 2.3.2 Denial of Service', 'Description' = %q This module triggers a Denial of Service condition in the VSFTPD server in versions before...
Webpay E-Commerce 1.0 Directory Traversal
============================================================================================================================================= | Title : Webpay E-Commerce v1.0 Directory traversal Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
WordPress SeatReg 1.54.0 Open Redirection
============================================================================================================================================= | Title : WordPress SeatReg plugin 1.54.0 open redirection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...
Water Billing Management System 1.0 Cross Site Request Forgery / File Upload
============================================================================================================================================= | Title : Water Billing Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0....
WordPress GetYourGuide Ticketing 1.0.6 Cross Site Scripting
============================================================================================================================================= | Title : WordPress GetYourGuide Ticketing plugin 1.0.6 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...
SPIP 4.2.6 Code Execution
============================================================================================================================================= | Title : SPIP 4.2.6 PHP Code execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits |...
WordPress WP Event Manager 3.1.44 Cross Site Scripting
============================================================================================================================================= | Title : WordPress WP Event Manager plugin 3.1.44 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Online Appointment System 1.0 Insecure Settings
==================================================================================================================================== | Title : Online Appointment System v1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1...
Microsoft Windows IPv6 CVE-2024-38063 Checker / Denial Of Service
!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: Windows IPv6 CVE-2024-38063 Checker and Denial-Of-Service Date: 2024-08-07 Exploit Author: Photubias Vendor Homepage: https://microsoft.com Vendor Advisory: 1 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063 Version:...