This Metasploit module exploits a directory traversal vulnerability in WordPress Plugin GI-Media Library version 2.2.2, allowing arbitrary files to be read from the system with the web server's privileges. This Metasploit module has been tested successfully on GI-Media Library version 2.2.2 with WordPress 4.1.3 on Ubuntu 12.04 Server.
4637d0531dbebb743c37a40d416ad765721de72ea5268f18b423993d68d22ed6
This Metasploit module exploits a directory traversal vulnerability in Indusoft WebStudio. The vulnerability exists in the NTWebServer component and allows arbitrary remote files to be read with the privileges of the NTWebServer process. The module has been tested successfully on Indusoft WebStudio 6.1 SP6.
d242b8007726d97afc7ca45d4fdc57dd3eea44c1e53c5a4a3eff01999ce2fbaa
This Metasploit module abuses a logic flaw in the Backup Exec Windows Agent to download arbitrary files from the system. This flaw was found by someone who wishes to remain anonymous and affects all known versions of the Backup Exec Windows Agent. The output file is in MTF format, which can be extracted by the NTKBUp program listed in the references section. To transfer an entire directory, specify a path that includes a trailing backslash.
226940d66a9c4cacaf0a73b81c75fdaea375765b84cbee186b391bbf5c6295da
This Metasploit module exploits a broken access control vulnerability in Atlassian Confluence servers leading to an authentication bypass. A specially crafted request can create a new admin account without authentication on the target Atlassian server.
4b9c8ff2a00bfcb510bc8d0808226331e1d0aff918dc0237aea9ac812e546033
This Metasploit module abuses the "install/upgrade.php" component on vBulletin 4.1+ and 4.5+ to create a new administrator account, as exploited in the wild in October 2013. This Metasploit module has been tested successfully on vBulletin 4.1.5 and 4.1.0.
c24deea47d1ee74b3fe339182867838b53b59f6e667d57d1dedb6d10ded9c962
This Metasploit module targets an authentication bypass vulnerability in the mini_http binary of several Netgear Routers running firmware versions prior to 1.2.0.88, 1.0.1.80, 1.1.0.110, and 1.1.0.84. The vulnerability allows unauthenticated attackers to reveal, in plaintext, the password for the admin user that is used to log into the router's administrative portal. Once the password has been obtained, the exploit enables telnet on the target router and then utilizes the auxiliary/scanner/telnet/telnet_login module to log into the router using the stolen credentials of the admin user. This will result in the attacker obtaining a new telnet session as the "root" user. This vulnerability was discovered and exploited by an independent security researcher who reported it to SSD.
b64800ebe35ccd348243151eddc846891e371e499d5629a34a60850c0cbe7c61
This Metasploit module exploits a directory traversal in Webmin 1.580. The vulnerability exists in the edit_html.cgi component and allows an authenticated user with access to the File Manager Module to access arbitrary files with root privileges. The module has been tested successfully with Webmin 1.580 over Ubuntu 10.04.
6c0a9a2b80ec4a4d227511510ff034d0be1d1387d4299cbb7189ca3bd983eb19
This Metasploit module abuses a directory traversal in GE Proficy Cimplicity, specifically on the gefebt.exe component used by the WebView, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on GE Proficy Cimplicity 7.5.
399b0eee758032932eba32ff6fed11465025c0f8035b5842a50ac246dcef29c6
This Metasploit module abuses an XSS vulnerability in versions prior to Firefox 39.0.3, Firefox ESR 38.1.1, and Firefox OS 2.2 that allows arbitrary files to be stolen. The vulnerability occurs in the PDF.js component, which uses JavaScript to render a PDF inside a frame with privileges to read local files. The in-the-wild malicious payloads searched for sensitive files on Windows, Linux, and OSX. Android versions are reported to be unaffected, as they do not use the Mozilla PDF viewer.
51c57f3920e9435bf62bbd93f1635f5a4935408c0f9db23d25b25d8babebaaee
This Metasploit module triggers an infinite loop in Apache Commons FileUpload 1.0 through 1.3 via a specially crafted Content-Type header. Apache Tomcat 7 and Apache Tomcat 8 use a copy of FileUpload to handle mime-multipart requests; therefore, Apache Tomcat 7.0.0 through 7.0.50 and 8.0.0-RC1 through 8.0.1 are affected by this issue. Tomcat 6 also uses Commons FileUpload as part of the Manager application.
63eac7fcd95f58645fc48d32a1a79fb24dc1ef11c2c9b732b7c026ca3dac1537
This Metasploit module exploits a remote command execution vulnerability in HP LoadRunner before 9.50 and also HP Performance Center before 9.50. HP LoadRunner 12.53 and other versions are also most likely vulnerable if the (non-default) SSL option is turned off. By sending a specially crafted packet, an attacker can execute commands remotely. The service is vulnerable provided the Secure Channel feature is disabled (default).
0bfa24b3a3de55a83f6e1af498795fa6d0ddf8b35ad4a3fdfc280bd24cc80dd2
This Metasploit module exploits an unauthenticated command injection in Alienvault USM/OSSIM versions 5.3.4 and 5.3.5. The vulnerability lies in an API function that does not check for authentication and then passes user input directly to a system call as root.
d72c139011d02b5dd53490824fea6a9d33d4ea93c69d1eaa4c8702f390b4d945
This Metasploit module exploits an arbitrary file upload in the WordPress Ajax Load More version 2.8.1.1. It allows you to upload arbitrary PHP files and get remote code execution. This Metasploit module has been tested successfully on WordPress Ajax Load More 2.8.0 with WordPress 4.1.3 on Ubuntu 12.04/14.04 Server.
11f7539e7ef47eff9d74ba4f4c35c661e3f3e8bfd87cbe2130c13dbb4e6eb011
Nibbleblog contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. This Metasploit module was tested on version 4.0.3.
242036a885cccb63f5c9c28d79b7d7806419522622349b78f0a9c6bab6968a41
This Metasploit module gains remote code execution on Firefox 35-36 by abusing a privilege escalation bug in resource:// URIs. PDF.js is used to exploit the bug. This exploit requires the user to click anywhere on the page to trigger the vulnerability.
c7380b4bd424349eceddb0191b851de4ff91a0a5afb8b3430ceffce5b834c992
This Metasploit module exploits a use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public in its July 2015 data leak, was described as a Use After Free while handling the opaqueBackground property 7 setter of the flash.display.DisplayObject class. This Metasploit module is an early release tested on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.203, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.194, Windows 7 SP1 (32-bit), IE9 and Adobe Flash 18.0.0.203, Windows 7 SP1 (32-bit), Firefox + Adobe Flash 18.0.0.194, Windows 8.1, Firefox and Adobe Flash 18.0.0.203, Windows 8.1, Firefox and Adobe Flash 18.0.0.160, and Windows 8.1, Firefox and Adobe Flash 18.0.0.194.
8ce9c20b7334d2feb9c4fe25343ecb322adf1f1d89bf09897d3a0ae1ed81bb41
This Metasploit module exploits a use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public in its July 2015 data leak, was described as a Use After Free while handling ByteArray objects. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.194, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.194, Windows 8.1 (32-bit), Firefox and Adobe Flash 18.0.0.194, Windows 8.1 (32-bit), IE11 and Flash 17.0.0.169, and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.468.
41ca06ad850b25d5a2ca76c0d342a370ac7d388de97dc2ba2d73946fcb6a325b
This Metasploit module exploits a buffer overflow on Adobe Flash Player when handling nellymoser encoded audio inside a FLV video, as exploited in the wild in June 2015. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160, Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160, Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.466, and Ubuntu 14.04.2 LTS, Firefox 35.01, and Adobe Flash 11.2.202.466. Note that this exploit is effective against both CVE-2015-3113 and the earlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression to the same root cause as CVE-2015-3043.
df6c07c8c61e9ddc1ee258859a800c72ade8287343881e5bac8140e590346c42
This Metasploit module exploits a memory corruption that occurs when applying a Shader as a drawing fill, as exploited in the wild in June 2015. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.188, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.188, Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.188, and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.460.
a2184f47ed1174e50ad69f7fd1808a0bfb8843fb0450d0e5bd5891aa520131cd
This Metasploit module exploits improper object handling in the win32k.sys kernel mode driver. This Metasploit module has been tested on vulnerable builds of Windows 7 x64 and x86, and Windows 2008 R2 SP1 x64.
1b4009bd1a5cf1594526be1c3c92cca6c5d12b793c2e559d0e4e7218d3be8242
This Metasploit module exploits a buffer overflow vulnerability related to the ShaderJob workings on Adobe Flash Player. The vulnerability happens when trying to apply a Shader setting up the same Bitmap object as src and destination of the ShaderJob. By modifying the "width" attribute of the ShaderJob after starting the job, it is possible to create a buffer overflow condition where the size of the destination buffer and the length of the copy are controlled.
85ac61cf4df86a48ba3ebb5575fe809cd20d6d403d015526e3943526ed3262d0
This Metasploit module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, when forcing a reallocation by copying more contents than the original capacity, but Flash forgets to update the domainMemory pointer, leading to a use-after-free situation when the main worker references the domainMemory again. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 17.0.0.134.
35afddd5d3435bc9a7d573d702fbd4a8ffa05be42f3a36a7f8f99095dcaea8ed
This Metasploit module exploits a type confusion vulnerability in the NetConnection class on Adobe Flash Player. When using a correct memory layout, this vulnerability allows arbitrary memory to be corrupted. It can be used to overwrite dangerous objects, like vectors, and finally accomplish remote code execution. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 16.0.0.305.
177e5f47d74fe85d6aa8d57dccbc5f1b1e2484a8de35f89d42b20aef2b6ffe99
This Metasploit module exploits an uninitialized memory vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, which fails to initialize allocated memory. When using a correct memory layout, this vulnerability leads to a ByteArray object corruption, which can be abused to access and corrupt memory. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 15.0.0.189.
5e90527feb81af64901755b776a489cf3494498219d1281419ecb16f62818f6f
This Metasploit module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution.
66a2afe428abc2bc5fd7a07e29076cf8d642726dfba85da1125d083fa522fa6e