This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor (rtld). The rtld unsetenv() function fails to remove LD_* environment variables if __findenv() fails. This can be abused to load arbitrary shared objects using LD_PRELOAD, resulting in privileged code execution.
b7d2e9a938e3bd3e306735ac30c5547fb5873fe1a798d291f7cd437bdee37ad0
OpenSSH allows for unlimited password cracking in a two-minute timeframe.
25629b480318a8e57f7afa8ce9daa4ea9ed171b4e2087d872c4851d327423301
Apache and PHP remote command execution exploit that leverages php5-cgi.
9d57dc343cc59f716358c28109591d65f8d5b225d645fd188e0084e43bad3ad6
ProFTPd installs with mod_sftp and mod_sftp_pam activated contain a memory exhaustion vulnerability.
95185308c28fd558885085b49bb19eba912372bf47baf1e28699dce9ade846a9
Mikrotik RouterOS versions 5.x and 6.x suffer from an sshd remote pre-authentication heap corruption vulnerability. Included is a 50 meg Mikrotik package that includes all research items.
74610d5d75efcfb4a984b83085a1bd9e64779bd5d156fb3a81b92d7bb3439349
Apache suEXEC suffers from privilege escalation and information disclosure vulnerabilities.
6eddc12273e6a9546d9219b053ff012eff046f9697318a4bec44daadab5df846
This whitepaper documents how the brute-forcing exploit works for a buffer overflow vulnerability in nginx versions 1.3.9 and 1.4.0 on x86.
83e7a76cda024bdc1720e8569cb20218c76aa3c5b8a8f5ddfad4818e03f8afe9
Squid version 3.3.5 remote denial of service crash exploit.
247867b58f499ec2f8cbd7f45618c22bc77cf0fc844f2741c42df41f4033fd68
nginx versions 1.3.9 and 1.4.0 x86 brute-force proof-of-concept remote exploit that spawns a reverse shell.
c08d90d9385b3dfaf58239db1bfee804fe103d21d4ebed131c2c37bd98971111
Reliable exploit for the Plesk PHP code injection vulnerability disclosed by Kingcope in June 2013. Can deliver inline and reverse shells using the payloads library, as well as offering (buggy) file upload features.
b76333a40c15eeb1e6e0fe351ee9f933ff24a237da980ed7dc853fd2e1f0d52c
Parallels Plesk version 9.5.4 (and possibly other versions) suffers from a remote PHP code execution vulnerability. This rar archive includes a working exploit and details surrounding the issue.
45eedc54848a9db5ff66ce3b3a0d147ce2510e8bc440ebf972f7b958ef500803
ircd-hybrid version 8.0.5 on CentOS 6 denial of service exploit.
1ad9d4b2dbdf42d96561ba07e7956a32432227a3ff63dc81f94e3ce9afd25f47
This archive has a whitepaper that discusses research and methods used to circumvent Microsoft Windows 7 and 8 memory protections in order to execute arbitrary assembly code. Proofs of concept are also provided.
c8e610b00b7c56c4bacab2f28c7776039d77d68be2dd25ef959f8e2a888d5f82
This Metasploit module abuses the "wmicimsv" service on IBM System Director Agent 5.20.3 to accomplish arbitrary DLL injection and execute arbitrary code with SYSTEM privileges. To accomplish remote DLL injection, it uses a WebDAV service as disclosed by kingcope in December 2012. Because of this, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. It is enabled and automatically started by default on Windows XP SP3, but disabled by default on Windows 2003 SP2.
57ad1d7f1d323cfb6acd126a3292c26cbc21aecfac9b4ae0aa47d8c45a07aaad
This Metasploit module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers (due to the use of a .mof file). This may result in arbitrary code execution under the context of SYSTEM. However, please note that in order to use this module, you must have a valid MySQL account on the target machine.
4bdddccff72e6f861ece38c09f5e2d07982390d9788ff9574617a88479fcf1dc
This Metasploit module exploits a vulnerability in Tectia SSH server for Unix-based platforms. The bug is caused by an SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ request before password authentication, allowing any remote user to bypass the login routine and then gain access as root.
a8cae2783ae383b985cfe414beea92207b93fca99d51ada21c788b6eff779ccc
FreeFTPD remote SYSTEM level exploit that does not require a username. All versions as of 12/03/2012 are affected.
b7bff25b29023037bee1293ab7a4b53100ef5e4b3588f6dc35cf4926f6199596
FreeSSHD suffers from a remote authentication bypass vulnerability.
0f3bd20a3e70422b385aedbcf9be79dcffb498416d75c29e1820bbafa68dab21
The SSH USERAUTH CHANGE REQUEST routines in SSH Tectia (a commercial version of OpenSSH) suffer from a remote authentication bypass vulnerability.
90574e5a353e4c3a76ad8f415c316dc006d8d28e2cf0d2589bd14d0b13c310a8
This is the telnet encrypt key id priv8 modified version of synscan.
941d0545a6636757939b84f3cf7f19204935caab6241cc3cf55bcb2b2b71ba5e
Oracle MySQL suffers from a user enumeration vulnerability. This is a utility that demonstrates the issue.
8460a0977a201113cdd0cf16e055c51392db08aa506165c818a881ce632dbd1d
Oracle MySQL on Windows remote exploit that leverages file privileges to obtain a SYSTEM shell.
4a2e64891b58bc7a154f2b70367e520bd51dde3d72bf67966ad91a32725a0244
Oracle MySQL version 5.5.19-log on SuSE Linux suffers from a denial of service vulnerability.
e7b152542270e8ccb148f030520930976460470f663a3f3d19c5f09cba1871f5
Oracle MySQL on Linux suffers from a vulnerability that allows an attacker to add a new admin user.
d1601135651994faddfc10c91567f145058d6d888036e2073e79b83518277a4f
Oracle MySQL on Linux suffers from a heap overrun vulnerability.
aa61b4faa2cc9c52276bbcea35e5861199148c06c5182c06981f429b55af2c0e