This Metasploit module exploits a directory traversal vulnerability found in Bitweaver. When handling the overlay_type parameter, view_overlay.php fails to do any path checking/filtering, which can be abused to read any file outside the virtual directory.
This Metasploit module exploits a directory traversal vulnerability found in Sybase EAserver's Jetty webserver on port 8000. Code execution seems unlikely with EAserver's default configuration unless the web server allows WRITE permission.
This Metasploit module exploits a directory traversal vulnerability found in Simple Web Server 2.3-RC1.
This Metasploit module exploits a directory traversal vulnerability found in ManageEngine DeviceExpert's ScheduleResultViewer Servlet. This is done by using "..\..\..\..\..\..\..\..\..\..\" in the path in order to retrieve a file on a vulnerable machine. Please note that the SSL option is required in order to send HTTP requests.
This Metasploit module dumps memory contents using a crafted Range header and affects only Windows 8.1, Server 2012, and Server 2012R2. Note that if the target is running in VMware Workstation, this module has a high likelihood of resulting in BSOD; however, VMware ESX and non-virtualized hosts seem stable. Using a larger target file should result in more memory being dumped, and SSL seems to produce more data as well.
This Metasploit module exploits a directory traversal bug in NetDecision's TrafficGrapherServer.exe service. This is done by using "...\" in the path to retrieve a file on a vulnerable machine.
This Metasploit module exploits a directory traversal flaw found in ManageEngine SecurityManager Plus 5.5 or less. When handling a file download request, the DownloadServlet class fails to properly check the f parameter, which can be abused to read any file outside the virtual directory.
This Metasploit module attempts to find WordPress credentials by abusing the XMLRPC APIs. WordPress versions prior to 4.4.1 are suitable for this type of technique. For newer versions, the script will drop the CHUNKSIZE to 1 automatically.
This Metasploit module tests credentials on OWA 2003, 2007, 2010, 2013, and 2016 servers.
This Metasploit module attempts to log in to a GlassFish instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It will also try to do an authentication bypass against older versions of GlassFish. Note: by default, GlassFish 4.0 requires HTTPS, which means you must set the SSL option to true, and SSLVersion to TLS1. It also needs Secure Admin to access the DAS remotely.
This Metasploit module will download a file of your choice against Symantec Messaging Gateway. This is possible by exploiting a directory traversal vulnerability when handling the logFile parameter, which will load an arbitrary file as an attachment. Note that authentication is required in order to successfully download your file.
This Metasploit module exploits a directory traversal bug in Sockso on port 4444. This is done by using "../" in the path to retrieve a file on a vulnerable machine.
This Metasploit module exploits a directory traversal flaw found in Clansphere 2011.3. The application fails to handle the cs_lang parameter properly, which can be used to read any file outside the virtual directory.
This Metasploit module exploits a directory traversal vulnerability in Cisco Firepower Management under the context of www user. Authentication is required to exploit this vulnerability.
This Metasploit module exploits a directory traversal vulnerability found in WebPageTest. Due to the way the gettext.php script handles the file parameter, it is possible to read a file outside the www directory.
This Metasploit module exploits a directory traversal bug in Yaws v1.9.1 or less. The module can only be used to retrieve files. However, code execution might be possible, because when the malicious user sends a PUT request, a file is actually created, except no content is written.
This Metasploit module exploits a directory traversal vulnerability found in S40 CMS. The flaw is due to the page function not properly handling the $pid parameter, which allows a malicious user to load an arbitrary file path.
This Metasploit module checks if a Samba target is vulnerable to an uninitialized variable creds vulnerability.
This Metasploit module exploits a directory traversal vulnerability in Ipswitch WhatsUp Gold's TFTP service.
This Metasploit module exploits a directory traversal vulnerability in VMware Update Manager on port 9084. Versions affected by this vulnerability: vCenter Update Manager 4.1 prior to Update 2, vCenter Update Manager 4 Update 4.
This Metasploit module exploits HP Data Protector's omniinet process, specifically against a Windows setup. When an EXEC_CMD packet is sent, omniinet.exe will attempt to look for that user-supplied filename with kernel32!FindFirstFileW(). If the file is found, the process will then go ahead and execute it with CreateProcess() under a new thread. If the filename isn't found, FindFirstFileW() will throw an error (0x03), and the process then bails early without triggering CreateProcess(). Because of these behaviors, if you try to supply an argument, FindFirstFileW() will look at that as part of the filename, and then bail. Please note that when you specify the CMD option, the base path begins under C:\.
This Metasploit module will access Novell eDirectory's eMBox service and can run the following actions via the SOAP interface: GET_DN, READ_LOGS, LIST_SERVICES, STOP_SERVICE, START_SERVICE, SET_LOGFILE.
This Metasploit module bypasses basic authentication for Internet Information Services (IIS). By appending the NTFS stream name to the directory name in a request, it is possible to bypass authentication.
This will add an administrative account to Scrutinizer NetFlow and sFlow Analyzer without any authentication. Versions such as 9.0.1 or older are affected.
This Metasploit module plays a video on an AppleTV device. Note that AppleTV can be somewhat picky about the server that hosts the video. Tested servers include default IIS, default Apache, and Ruby's WEBrick. For WEBrick, the default MIME list may need to be updated, depending on what media file is to be played. Python SimpleHTTPServer is not recommended. Also, if you're playing a video, the URL must be an IP address. Some AppleTV devices are actually password-protected; in that case please set the PASSWORD datastore option. For password brute forcing, please see the module auxiliary/scanner/http/appletv_login.