This Metasploit module uses a directory traversal vulnerability to extract information such as password, rdspassword, and "encrypted" properties. This Metasploit module has been tested successfully on ColdFusion 9 and ColdFusion 10 (auto-detect).
f9027fa18590f935c44c682f6c35a26d0f940ef9411caf0b16feb68afcb22e83
This Metasploit module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists on the manage of the twikidraw actions, where a traversal path can be used in order to upload arbitrary files. Exploitation is achieved on Apached/mod_wsgi configurations by overwriting moin.wsgi, which allows to execute arbitrary python code, as exploited in the wild on July, 2012.
357506b05f75972b93ef4f53d7935e38c58ae9d6c3dc89990bc79b7b56e9d911
Kloxo versions 6.1.12 and below contain two setuid root binaries. lxsuexec and lxrestart allow local privilege escalation to root from uid 48, Apache by default on CentOS 5.8, the operating system supported by Kloxo. This Metasploit module has been tested successfully with Kloxo 6.1.12 and 6.1.6.
a70607f00778f48b03ab7e80bcb005fc5ae1a0f4e784ea6219b2ca83f16982c7
Kloxo version 6.1.6 suffers from a local privilege escalation vulnerability.
05c8a48c93af3659880c9fc3c9b6dc020d3b89b769551432c305b8d9a7ee8d6f
MoinMelt remote arbitrary command execution exploit as released in HTP version 5.
57a4eee9988f535e79cf25e3113013c4894c962158793e8fa7a2a42a01d07190
ColdFusion version 9 and 10 remote root zero day exploit as released in HTP version 5.
7ca7d0dbbf03c4e7f09cce36a6785fc2d64fa398061c3b4afd5d406f11f33c4e