exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 76 - 100 of 10,201 RSS Feed

Web Files

Multiple DVR Manufacturers Configuration Disclosure
Posted Sep 1, 2024
Authored by Alejandro Ramos, juan vazquez | Site metasploit.com

This Metasploit module takes advantage of an authentication bypass vulnerability at the web interface of multiple manufacturers DVR systems, which allows to retrieve the device configuration.

tags | exploit, web, bypass
advisories | CVE-2013-1391
SHA-256 | 92970fe8576d8a26914e34ab8819055f169c2028d4106ed9aa7fe40e0c3de86b
Microsoft Exchange Privilege Escalation
Posted Sep 1, 2024
Authored by _dirkjan, Petros Koutroumpis | Site metasploit.com

This Metasploit module exploits a privilege escalation vulnerability found in Microsoft Exchange - CVE-2019-0724 Execution of the module will force Exchange to authenticate to an arbitrary URL over HTTP via the Exchange PushSubscription feature. This allows us to relay the NTLM authentication to a Domain Controller and authenticate with the privileges that Exchange is configured. The module is based on the work by @_dirkjan,.

tags | exploit, web, arbitrary
advisories | CVE-2019-0724
SHA-256 | 9f8ccd3febae1d6a5a140ff0111ba4264db42cc77adc0776d3f47273870024c9
WordPress NextGEN Gallery Directory Read
Posted Sep 1, 2024
Authored by Roberto S. Soares, Sathish Kumar | Site metasploit.com

This Metasploit module exploits an authenticated directory traversal vulnerability in WordPress Plugin "NextGEN Gallery" version 2.1.7, allowing to read arbitrary directories with the web server privileges.

tags | exploit, web, arbitrary
SHA-256 | 2c0cd7aee77fbdb8a99fcc09f39bd549ae4823975d07eaa06182ce30e5d70738
Canon Printer Wireless Configuration Disclosure
Posted Sep 1, 2024
Authored by Matt hostess Andreko | Site metasploit.com

This Metasploit module enumerates wireless credentials from Canon printers with a web interface. It has been tested on Canon models: MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920.

tags | exploit, web
advisories | CVE-2013-4614
SHA-256 | da65789563a5f9123cd5f43ebbf7e23b6c2880e8dec9ba14cd2e0aac0e760202
Cassandra Web File Read
Posted Sep 1, 2024
Authored by Jeremy Brown, samguy | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability in Cassandra Web Cassandra Web version 0.5.0 and earlier, allowing arbitrary file read with the web server privileges. This vulnerability occurred due to the disabled Rack::Protection module.

tags | exploit, web, arbitrary
SHA-256 | 1fcf8bcb9a5c390a3d9ee4018429d16d6138dbe119755c56e7f809909dd5bccd
Syncovery For Linux Web-GUI Session Token Brute-Forcer
Posted Sep 1, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module attempts to brute-force a valid session token for the Syncovery File Sync and Backup Software Web-GUI by generating all possible tokens, for every second between DateTime.now and the given X day(s). By default today and yesterday (DAYS = 1) will be checked. If a valid session token is found, the module stops. The vulnerability exists, because in Syncovery session tokens are basically just base64(m/d/Y H:M:S) at the time of the login instead of a random token. If a user does not log out (Syncovery v8.x has no logout) session tokens will remain valid until reboot.

tags | exploit, web
advisories | CVE-2022-36536
SHA-256 | 35774315caca7f89f98bfc845f009123bd6450981504bf93e08596306cfc0432
InfoVista VistaPortal Application Bruteforce Login Utility
Posted Sep 1, 2024
Authored by Karn Ganeshen | Site metasploit.com

This Metasploit module attempts to scan for InfoVista VistaPortal Web Application, finds its version and performs login brute force to identify valid credentials.

tags | exploit, web
SHA-256 | 988a25a91ec5ad89fac76dcea1a6f311b0572b6b6646957ee931ee76d8973e13
Fortinet SSL VPN Bruteforce Login Utility
Posted Sep 1, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module scans for Fortinet SSL VPN web login portals and performs login brute force to identify valid credentials.

tags | exploit, web
SHA-256 | 9cff45fa6448a61d09c7bfca78543e51d98a8a25cd5a142166e055d3f899034f
Web-Dorado ECommerce WD For Joomla! Search_category_id SQL Injection Scanner
Posted Sep 1, 2024
Authored by bperry | Site metasploit.com

This Metasploit module will scan for hosts vulnerable to an unauthenticated SQL injection within the advanced search feature of the Web-Dorado ECommerce WD 1.2.5 and likely prior.

tags | exploit, web, sql injection
advisories | CVE-2015-2562
SHA-256 | ce900f10acc1386276f00739f087918826cb2474bfdb669e0c939feac5f7524a
Supermicro Onboard IPMI Port 49152 Sensitive File Exposure
Posted Sep 1, 2024
Authored by H D Moore, Dan Farmer, John Matherly, Zach Wikholm | Site metasploit.com

This Metasploit module abuses a file exposure vulnerability accessible through the web interface on port 49152 of Supermicro Onboard IPMI controllers. The vulnerability allows an attacker to obtain detailed device information and download data files containing the clear-text usernames and passwords for the controller. In May of 2014, at least 30,000 unique IPs were exposed to the internet with this vulnerability.

tags | exploit, web
SHA-256 | 1ca6be3bd1442f15e9c436c21eb3f55a0d2466eb4cc5defa624000e1a17d568b
Sybase Easerver 6.3 Directory Traversal
Posted Sep 1, 2024
Authored by sinn3r, Sow Ching Shiong | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in Sybase EAservers Jetty webserver on port 8000. Code execution seems unlikely with EAservers default configuration unless the web server allows WRITE permission.

tags | exploit, web, code execution
advisories | CVE-2011-2474
SHA-256 | 7bfd36e1187bbe4aedbbf3cc9f1865de502ad6964a28a52016ac80e17c3bbfa5
Simple Web Server 2.3-RC1 Directory Traversal
Posted Sep 1, 2024
Authored by sinn3r, CwG GeNiuS | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in Simple Web Server 2.3-RC1.

tags | exploit, web
advisories | CVE-2002-1864
SHA-256 | 51715fee223323063efe38cccd63acc54537c25beb376295f1d2c1da1023b617
Log4Shell HTTP Scanner
Posted Sep 1, 2024
Authored by Spencer McIntyre, RageLtMan | Site metasploit.com

Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This Metasploit module will scan an HTTP end point for the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit. This Metasploit module is a generic scanner and is only capable of identifying instances that are vulnerable via one of the pre-determined HTTP request injection points. These points include HTTP headers and the HTTP request path. Known impacted software includes Apache Struts 2, VMWare VCenter, Apache James, Apache Solr, Apache Druid, Apache JSPWiki, Apache OFBiz.

tags | exploit, web
advisories | CVE-2021-44228, CVE-2021-45046
SHA-256 | 0c99025a240dc811b182feb7d9c9d3253b1e32fb38ca51be4415745de5402484
D-Link User-Agent Backdoor Scanner
Posted Sep 1, 2024
Authored by Craig Heffner, Michael Messner, juan vazquez | Site metasploit.com

This Metasploit module attempts to find D-Link devices running Alphanetworks web interfaces affected by the backdoor found on the User-Agent header. This Metasploit module has been tested successfully on a DIR-100 device with firmware version v1.13.

tags | exploit, web
SHA-256 | efeab64a2c3b15be8d9ef8a9a4512d08c15268b3a979db52689b008670fee189
Novell ZENworks Asset Management 7.5 Remote File Access
Posted Sep 1, 2024
Authored by juan vazquez | Site metasploit.com

This Metasploit module exploits a hardcoded user and password for the GetFile maintenance task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web Console and can be triggered by sending a specially crafted request to the rtrlet component, allowing a remote unauthenticated user to retrieve a maximum of 100_000_000 KB of remote files. This Metasploit module has been successfully tested on Novell ZENworks Asset Management 7.5.

tags | exploit, remote, web
advisories | CVE-2012-4933
SHA-256 | 330cc22734979700205d38d8b3a6fcb4016360f791b7add7a0841b6885897ab3
ManageEngine DeviceExpert 5.6 ScheduleResultViewer FileName Traversal
Posted Sep 1, 2024
Authored by rgod, sinn3r | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability found in ManageEngine DeviceExperts ScheduleResultViewer Servlet. This is done by using "..\..\..\..\..\..\..\..\..\..\" in the path in order to retrieve a file on a vulnerable machine. Please note that the SSL option is required in order to send HTTP requests.

tags | exploit, web
SHA-256 | ead6620e60a1e33962bc1a629b7991560b6ad340faaa6fcdaf3b569e03e10a00
ES File Explorer Open Port
Posted Sep 1, 2024
Authored by h00die, moonbocal, 小荷才露尖尖角, fs0c131y | Site metasploit.com

This Metasploit module connects to ES File Explorers HTTP server to run certain commands. The HTTP server is started on app launch, and is available as long as the app is open. Version 4.1.9.7.4 and below are reported vulnerable This Metasploit module has been tested against 4.1.9.5.1.

tags | exploit, web
advisories | CVE-2019-6447
SHA-256 | a73c6b524b907dbe590605fec39555ee25f87f4dfb5e202dfc167e9995d06c69
WordPress Mobile Edition File Read
Posted Sep 1, 2024
Authored by Roberto S. Soares, Khwanchai Kaewyos | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in WordPress Plugin "WP Mobile Edition" version 2.2.7, allowing to read arbitrary files with the web server privileges.

tags | exploit, web, arbitrary
SHA-256 | 5e5be4ae6d13b3b27b02eb179731c7c1ec77577cfd08a929ee02bea102948838
Cisco Device HTTP Device Manager Access
Posted Sep 1, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module gathers data from a Cisco device (router or switch) with the device manager web interface exposed. The HttpUsername and HttpPassword options can be used to specify authentication.

tags | exploit, web
systems | cisco
advisories | CVE-2000-0945
SHA-256 | e515364a8b6d5188cc5064ca26061b454b46d79e2464b43c67ca62a9ea442319
WordPress Duplicator File Read
Posted Sep 1, 2024
Authored by Hoa Nguyen, Ramuel Gall | Site metasploit.com

This Metasploit module exploits an unauthenticated directory traversal vulnerability in WordPress plugin Duplicator version 1.3.24-1.3.26, allowing arbitrary file read with the web server privileges. This vulnerability was being actively exploited when it was discovered.

tags | exploit, web, arbitrary
advisories | CVE-2020-11738
SHA-256 | 70e1c80a4666b4d2d1a2cbdb85a7139a6ae55e39380b9790128d79bb96845537
Chef Web UI Brute Force Utility
Posted Sep 1, 2024
Authored by H D Moore | Site metasploit.com

This Metasploit module attempts to login to Chef Web UI server instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also test for the default login (admin:p@ssw0rd1).

tags | exploit, web
SHA-256 | a8b7ab4052d313ccc873b8bd18d89edbeb3d80da21d867193b4a96625924ef5d
Embedthis GoAhead Embedded Web Server Directory Traversal
Posted Sep 1, 2024
Authored by Roberto S. Soares, Matthew Daley | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in the Embedthis GoAhead Web Server v3.4.1, allowing an attacker to read arbitrary files with the web server privileges.

tags | exploit, web, arbitrary
advisories | CVE-2014-9707
SHA-256 | 176eaf23e2348991401b48184cc4be3a61754c79a8d254fb1976e061cc7d1f98
WordPress Subscribe Comments File Read
Posted Sep 1, 2024
Authored by Roberto S. Soares, Tom Adams | Site metasploit.com

This Metasploit module exploits an authenticated directory traversal vulnerability in WordPress Plugin "Subscribe to Comments" version 2.1.2, allowing to read arbitrary files with the web server privileges.

tags | exploit, web, arbitrary
SHA-256 | fd7b19a9193f7aff16d3b71d71eee92ef8df3e278021933d800166fd2f528d75
Ektron CMS400.NET Default Password Scanner
Posted Sep 1, 2024
Authored by Jay Turla | Site metasploit.com

Ektron CMS400.NET is a web content management system based on .NET. This Metasploit module tests for installations that are utilizing default passwords set by the vendor. Additionally, it has the ability to brute force user accounts. Note that Ektron CMS400.NET, by default, enforces account lockouts for regular user account after a number of failed attempts.

tags | exploit, web
SHA-256 | e867081ce25f1500fcd90fd14704c451906cad6adeb1d11209918e5c4af73432
HTTP Blind XPATH 1.0 Injector
Posted Sep 1, 2024
Authored by Jay Turla | Site metasploit.com

This Metasploit module exploits blind XPATH 1.0 injections over HTTP GET requests.

tags | exploit, web
SHA-256 | 651687bcd595b9f22e68c3c981e70f5fc4f0a88508ab6655dda370543c5b0161
Page 4 of 408
Back23456Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close