This Metasploit module exploits a directory traversal in ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted PROXY_CMD_FTP_FILE (opcode 0x21) packet to port 998/TCP. This Metasploit module has been successfully tested on Novell ZENworks Configuration Management 10 SP2 and SP3 over Windows.
c8558ecefbfe751f2fc66900fb57a9cf3f672074e3a5a9c539be4d79127c10fb
This Metasploit module takes advantage of an authentication bypass vulnerability in the web interface of DVR systems from multiple manufacturers, which allows retrieval of the device configuration.
92970fe8576d8a26914e34ab8819055f169c2028d4106ed9aa7fe40e0c3de86b
This Metasploit module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the ReportImgServlt, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.
fc011d457e4acf956275035f4b8a0451d41e2e13f19438085bac537923b7fe5d
This Metasploit module exploits a directory traversal vulnerability in Apache ActiveMQ 5.3.1 and 5.3.2 on Windows systems. The vulnerability exists in Jetty's ResourceHandler installed with the affected versions. This Metasploit module has been tested successfully on ActiveMQ 5.3.1 and 5.3.2 over Windows 2003 SP2.
e4fc1de226b239cc42c11119b2ecd2130fccf09146aabb316d9690fa9c3b4d15
This Metasploit module attempts to find D-Link devices running Alphanetworks web interfaces affected by the backdoor found in the User-Agent header. This Metasploit module has been tested successfully on a DIR-100 device with firmware version v1.13.
efeab64a2c3b15be8d9ef8a9a4512d08c15268b3a979db52689b008670fee189
This Metasploit module exploits a hardcoded user and password for the GetFile maintenance task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web Console and can be triggered by sending a specially crafted request to the rtrlet component, allowing a remote unauthenticated user to retrieve a maximum of 100_000_000 KB of remote files. This Metasploit module has been successfully tested on Novell ZENworks Asset Management 7.5.
330cc22734979700205d38d8b3a6fcb4016360f791b7add7a0841b6885897ab3
This Metasploit module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the FaultDownloadServlet, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.
4afa0137a506369a61e2db708c38b69ad4ed8789d747da63b132480ec19c7b07
This Metasploit module checks for known vulnerabilities in the CGI applications of Supermicro Onboard IPMI controllers. These issues currently include several unauthenticated buffer overflows in the login.cgi and close_window.cgi components.
25146ab0a527b2c20a4d174368a8756c57f0f973644733c599eb8239270f30b0
NFRAgent.exe, a component of Novell File Reporter (NFR), allows remote attackers to retrieve arbitrary text files via a directory traversal while handling requests to /FSF/CMD with an FSFUI record with UICMD 126. This Metasploit module has been tested successfully against NFR Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File Reporter 1.0.1).
81f6f5506b0f0868f1a9d759cd92713726d775d050dcedeb4fb03b32a0063308
This Metasploit module exploits an authentication bypass vulnerability in HP SiteScope which allows retrieval of the HP SiteScope configuration, including administrative credentials. It is accomplished by calling the getSiteScopeConfiguration operation available through the APISiteScopeImpl AXIS service. The HP SiteScope configuration is retrieved as a file containing Java serialization data. This Metasploit module has been tested successfully on HP SiteScope 11.20 over Windows 2003 SP2 and Linux CentOS 6.3.
49a6293f49b3d88908408822f05f60de61f16258c0921f50adecb84a90811493
This Metasploit module attempts to read a remote file from the server using a vulnerability in the way MediaWiki handles SVG files. The vulnerability occurs while trying to expand external entities with the SYSTEM identifier. In order to work, MediaWiki must be configured to accept upload of SVG files. If anonymous uploads are allowed, the username and password aren't required; otherwise they are. This Metasploit module has been tested successfully on MediaWiki 1.19.4 and 1.20.3 on Ubuntu 10.04 and Ubuntu 12.10. Older versions were also tested but do not seem to be vulnerable. The following MediaWiki requirements must be met: file upload must be enabled, $wgFileExtensions[] must include svg, and $wgSVGConverter must be set to something other than false.
71615d7c455fb2156a5414c500e8bff8843420ced30f06fff70abbf96f287ac8
This Metasploit module exploits an authentication bypass vulnerability in HP SiteScope to retrieve an arbitrary text file from the remote server. It is accomplished by calling the loadFileContent operation available through the APIMonitorImpl AXIS service. This Metasploit module has been successfully tested on HP SiteScope 11.20 over Windows 2003 SP2 and Linux CentOS 6.3.
70fba2e746b60b36e7ed3d2efbabee053f81db339cfb2580347bd710629b238d
This Metasploit module exploits a lack of authentication and access control in HP Intelligent Management, specifically in the FileDownloadServlet from the SOM component, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.2_E0401 with SOM 5.2 E0401 over Windows 2003 SP2.
1850a191353250b7a4f39ae00758d5a46a4b1b6e1c9ca0c3c46852217064aebe
This Metasploit module simply attempts to read a remote file from the server using a vulnerability in the way Atlassian Crowd handles XML files. The vulnerability occurs while trying to expand external entities with the SYSTEM identifier. This Metasploit module has been tested successfully on Linux and Windows installations of Crowd.
75935ac70e77d2ed62ac0e96af0d4e5b93fa4b3bb3efd5ddaf65a718cf03dd38
This Metasploit module exploits a source code disclosure in Apache ActiveMQ. The vulnerability is due to the way Jetty's ResourceHandler handles specially crafted URIs starting with //. It has been tested successfully on Apache ActiveMQ 5.3.1 over Windows 2003 SP2 and Ubuntu 10.04.
ede3496420e2c26c1f98f2ec9c2985c39b539632810d4d9851f54502743fb0ff
This Metasploit module exploits an authentication bypass vulnerability in HP SiteScope to retrieve an arbitrary file from the remote server. It is accomplished by calling the getFileInternal operation available through the APISiteScopeImpl AXIS service. This Metasploit module has been successfully tested on HP SiteScope 11.20 over Windows 2003 SP2 and Linux CentOS 6.3.
ac2a6c8b7ee1032f4592faca207812805ca78af0323e9f167ee599f82c2b95f3
This Metasploit module abuses a directory traversal vulnerability in the url_redirect.cgi application accessible through the web interface of Supermicro Onboard IPMI controllers. The vulnerability is present due to a lack of sanitization of the url_name parameter. This allows an attacker with a valid, but not necessarily administrator-level account, to access the contents of any file on the system. This includes the /nv/PSBlock file, which contains the cleartext credentials for all configured accounts. This Metasploit module has been tested on a Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware version SMT_X9_214. Other file names to try include /PSStore, /PMConfig.dat, and /wsman/simple_auth.passwd.
2a895b9a6c562c00a389ca6061ee3c5d3935d00911eac01555699f44b7a15397
This Metasploit module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the DownloadServlet from the BIMS component, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 with BIMS 5.1 E0201 over Windows 2003 SP2.
dd399cbd46c56431b6335bb7af600f7a8b07fbe5b5343567170606df7df666bb
This Metasploit module exploits a directory traversal vulnerability in Novell Groupwise. The vulnerability exists in the web interface of both the Post Office and the MTA agents. This Metasploit module has been tested successfully on Novell Groupwise 8.02 HP2 over Windows 2003 SP2.
cf3c10c3309d3a179dabde680510ab0063386316124c0e6cf1c7d34f3864c865
This Metasploit module exploits a lack of authentication and a directory traversal in HP Intelligent Management, specifically in the IctDownloadServlet, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.
331f67245589f8f5486246bf8eb948bde7cf833ed0355ee50545787a79aaed4a
NFRAgent.exe, a component of Novell File Reporter (NFR), allows remote attackers to retrieve arbitrary files via a request to /FSF/CMD with a SRS Record with OPERATION 4 and CMD 103, specifying a full pathname. This Metasploit module has been tested successfully against NFR Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File Reporter 1.0.1).
0fe7de29a8510749c4422eb90c00ce443c32a0afb88d5b82f3f5fffdca5d7da1
This Metasploit module exploits a hardcoded user and password for the GetConfig maintenance task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web Console and can be triggered by sending a specially crafted request to the rtrlet component, allowing a remote unauthenticated user to retrieve the configuration parameters of Novell ZENworks Asset Management, including the database credentials in clear text. This Metasploit module has been successfully tested on Novell ZENworks Asset Management 7.5.
1d9e7ba3c5437ccfb3683cfc6321e1b7024fe5a849eab97a085b5868e1d6209e
This Metasploit module checks for the OpenSSL ChangeCipherSpec (CCS) Injection vulnerability. The problem exists in the handling of early CCS messages during session negotiation. Vulnerable installations of OpenSSL accept them, while later implementations do not. If successful, an attacker can leverage this vulnerability to perform a man-in-the-middle (MITM) attack by downgrading the cipher spec between a client and server. This issue was first reported in early June 2014.
50d2ae16c07b123362ddd9c4123d103a1aaf098f3776f32cfd170977a46bd234
This Metasploit module exploits a directory traversal in Sielco Sistemi Winlog. The vulnerability exists in the Runtime.exe service and can be triggered by sending a specially crafted packet to port 46824/TCP. This Metasploit module has been successfully tested on Sielco Sistemi Winlog Lite 2.07.14.
b86031eb554a91e334141d55bf93e4dd76814f3ae6c789b063d6cd6424f4986a
This Metasploit module exploits a directory traversal vulnerability in Indusoft WebStudio. The vulnerability exists in the NTWebServer component and allows reading arbitrary remote files with the privileges of the NTWebServer process. The module has been tested successfully on Indusoft WebStudio 6.1 SP6.
d242b8007726d97afc7ca45d4fdc57dd3eea44c1e53c5a4a3eff01999ce2fbaa