This Metasploit module connects to a specified Metasploit RPC server and uses the 'console.write' procedure to execute operating system commands. Valid credentials are required to access the RPC interface. This Metasploit module has been tested successfully on Metasploit 4.15 on Kali 1.0.6; Metasploit 4.14 on Kali 2017.1; and Metasploit 4.14 on Windows 7 SP1.
8ea98d2b410cde645149d0474ad59d7f8e2ce8335f863b066bd6f8eb38a90c6e
PeopleSoft ToolsRelease version 8.55.03, ToolsReleaseDB version 8.55, and HCM version 9.2 suffer from a TestServlet cross site scripting vulnerability.
6f27a9a828724a7736a1b7f2889f126f8efc3b2f3c3807b27c60ee7904f9b16e
Televes COAXDATA GATEWAY 1Gbps suffers from credential disclosure, arbitrary password change, unrestricted backup restore, and various other vulnerabilities. The vendor has notified Packet Storm that firmware version 1.03.0016 addresses these issues.
9baff8fd7ea7ecdd219dd2f97ec0f608150440181c7874a88448885e8ba30f70
NEC Universe UM4730 versions prior to 11.8 suffers from a remote SQL injection vulnerability.
9bc22dbc596c325410c6890c434f2f7104984b425924ee7352b1260be9487f23
Trustonic's Trusted Execution Environment (TEE) OS fails to perform revocation of trustlets.
5292643705b2a592ce4d79010191e3052ef98b5f67f2a9fe9356b30677b6295e
Virtual Postage (VPA) version 1.0 suffers from a remote code execution vulnerability via man-in-the-middle attacks.
816fa95055239cb95ffb77c4c4aac690fbdb7a852cd92f2696db296e8f9c9146
SKILLS.com.au Industry App version 1.0 suffers from a remote code execution vulnerability via man-in-the-middle attacks.
29ee0636ad9ced1631d22d05accf2192ac275e9c7db76dfbc702f6ec0720de02
Joomla JoomRecipe component version 1.0.4 suffers from a remote SQL injection vulnerability in search_author.
cc8c058cfc344b67f751b343f7b09d92e456db747390c2e927e12e9a6ed81785
Sonicwall Secure Remote Access (SRA) version 8.1.0.2-14sv suffers from a remote command injection vulnerability.
058ee4560dcd1576fb23b43fa5fe3a3d28b656aedb5f932919ce0ded272f97b3
WordPress Task Manager Pro version 1.31 suffers from multiple cross site scripting vulnerabilities.
0ab5b7ff53cae033bdc9d97690414d0d194da945e56fab67995ebaee9abbcdc2
Citrix CloudBridge suffers from a CAKEPHP pre-authentication remote root cookie command injection vulnerability.
ed35a3243301479f8f9b453927d581a3dab42f8438d6ee27f9608582962fb66f
Sonicwall version 8.1.0.2-14sv importlogo/sitecustomization remote command execution exploit.
bad044d4acf954bf0f910ffc7f39881c4498bc687a9f36640cd739cd6638bdc3
Citrix SD-WAN version 9.1.2.26.561201 logout cookie pre-authentication remote command injection exploit.
a9d18103386b7c5413eb695eaee5e1020ef143fa405d4b964605ff5561db732d
Sonicwall SRA version 8.1.0.2-14sv gencsr.cgi remote command injection exploit.
329940cf4063e7a9fb0d94eae38b5e003d9143b085469fa57ef97279bed2d20e
Microsoft Internet Explorer suffers from a VBScript arithmetic function type confusion vulnerability.
f40f028ace681031a746b0e8ecc785e770f04baf897fa1f1b397ec507e8a1a00
Bitcoin Core Wallet version 0.14.2 proof of concept crash exploit discovered while fuzzing.
227422a7226384706d19cbd6aad8395f75a94cb2710b5fb7d7a3539b4dc90ddb
Barracuda Load Balancer Firmware versions 6.0.1.006 (2016-08-19) and below post-authentication remote root exploit.
761cc64c788d41c81b773e2661fb538a8d4516f8a3c77082756bc9a65c69ee93
Various GPC Sanitization bypasses exist in Cisco WebEx that can permit from arbitrary remote command execution.
2742e774481d9cd4f1486925a8d6d0f5cd50b3e1c50f16db34aa9fee06887044
Microsoft Internet Explorer suffers from a memory corruption vulnerability in CMarkup::DestroySplayTree. The bug was confirmed on IE version 11.0.9600.18617 (Update version 11.0.40) running on Windows 7 64-bit.
c58903dd193f7839cd836f12f61a126151db2248cb30e60241e98c8ec782dd43
The Microsoft Windows kernel suffers from a nsiproxy/netio pool memory disclosure vulnerability in the handling of IOCTL 0x120007 (NsiGetParameter).
8229d08febcaa9bd8c80abedcecc4b916525c1c1c631b418d8e2c05fc4e24759
Sophos Web Appliance version 4.3.0.2 reporting JSON trafficType remote command injection exploit.
b7c8712bb8d62608c24d118744810037b7c47dba41c89048cac2b15b57b84234
Hashicorp vagrant-vmware-fusion versions 4.0.20 and below suffer from a local root privilege escalation vulnerability.
abdc50db20a101b047974cc99ce3df26fbc159554720c0b62b943a6f559177ef
PEGA Platform versions 7.2 ML0 and below suffer from missing access control and cross site scripting vulnerabilities.
20e1a6dbc16ac5196217cef7e109e692ddfeba3348cfea759557d84256536b9d
DotCMS version 4.1.1 suffers from a remote shell upload vulnerability.
e4c3a573a9e295eb33e393e863f9b9d0de5b31c1e1cab1d466e26029dd1e2363
Orangescrum version 1.6.1 suffers from cross site scripting and remote file upload vulnerabilities.
106418e31fa4cbf360e7471d81c2df8932c71452c44b9ba4675115930b0547d9