This Metasploit module generates a malicious Microsoft Word document that when loaded, will leverage the remote template feature to fetch an HTML document and then use the ms-msdt scheme to execute PowerShell code.
dfd70a501deb66860bda3d2c8fb70eb21aec791b445093014e637e57d9f6c39cThis Metasploit module creates a malicious docx file that when opened in Word on a vulnerable Windows system will lead to code execution. This vulnerability exists because an attacker can craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine.
fcc3f4d138a7fb7352da3e6cb2038a1b4776153656e84bcdef4857dab28eac23This Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be used to execute arbitrary commands. This vulnerability has been reintroduced in the Apache 2.4.50 fix (CVE-2021-42013).
a75779abdd3a9f2a319a34c0efbba4f95b420f39624081c3a13752641b7c8d6dThis Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker to bypass the authentication, impersonate an arbitrary user, and write an arbitrary file to achieve remote code execution. By taking advantage of this vulnerability, you can execute arbitrary commands on the remote Microsoft Exchange Server. This vulnerability affects Exchange 2013 CU23 versions before 15.0.1497.15, Exchange 2016 CU19 versions before 15.1.2176.12, Exchange 2016 CU20 versions before 15.1.2242.5, Exchange 2019 CU8 versions before 15.2.792.13, and Exchange 2019 CU9 versions before 15.2.858.9.
b555cd3b9862ec567195ff3003e6dc453483630a7c663ee17d582778c11dbf59This Metasploit module scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin by chaining this bug with another post-auth arbitrary-file-write vulnerability to get code execution. As a result, an unauthenticated attacker can execute arbitrary commands on Microsoft Exchange Server. This vulnerability affects Exchange 2013 versions below 15.00.1497.012, Exchange 2016 CU18 below 15.01.2106.013, Exchange 2016 CU19 below 15.01.2176.009, Exchange 2019 CU7 below 15.02.0721.013, and Exchange 2019 CU8 below 15.02.0792.010 . All components are vulnerable by default.
585a4badc4bc32954c170e5f8283ee5e2c9ceb31c4f0aab20e24dc5c6ff31912This Metasploit module exploits a local file inclusion vulnerability in Citrix ADC Netscaler.
70dc89253162a6b119c3d606f6c3f8993ac2cf75090d967905fead6d2ddd4d90This Metasploit module exploits a Centreon version 19.10.5 Pollers remote command execution vulnerability.
3823f489d80ba96f9daa51e9c9ad49970827297fc04995a65e690613f8eb0684This Metasploit module exploits a directory traversal in Citrix Application Delivery Controller (ADC), aka NetScaler, and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0, to execute an arbitrary command payload.
0f0c8e65ca7fee56037d7ddffc1e77aeffb0987b8111f2b772dbffe0b1b1fb89This Metasploit module exploits a remote code execution vulnerability in Citrix Application Delivery Controller and Gateway version 10.5.
bec68a9167966887bfc41632126f3582e09608bebf23999be1ca53bae2414759Microsoft Windows Remote Desktop BlueKeep denial of service exploit.
fd14625fe2ae16af44ddb6f7a27ab38b1fdc86ac051a831939a1eb569a859ea5
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed