This Metasploit module attempts to exploit a netfilter bug on Linux kernels before 4.6.3, and currently only works against Ubuntu 16.04 (not 16.04.1) with kernel 4.4.0-21-generic. Several conditions have to be met for successful exploitation: Ubuntu: 1. ip_tables.ko (Ubuntu), iptable_raw (Fedora) has to be loaded (root running iptables -L will do so) 2. libc6-dev-i386 (Ubuntu), glibc-devel.i686
3ed3279ffabc1d769fe51805e802f0af5a86f32107a739ee1f3f3ec23f7e3010
This Metasploit module attempts to exploit a race condition in mail.local with the SUID bit set on: NetBSD 7.0 - 7.0.1 (verified on 7.0.1), NetBSD 6.1 - 6.1.5, and NetBSD 6.0 - 6.0.6. Successful exploitation relies on a crontab job with root privilege, which may take up to 10min to execute.
538ce6a834dffd6d9e669ab16ae984c12556d38cab1d2870f6bbbd5bc570cb23
This Metasploit module will create a service on the box, and mark it for auto-restart.
79da7c70153554395ef5348119b04ecdb39ab60cb29fef4eae875f83f0352191
This Metasploit module will create a cron or crontab entry to execute a payload. The module includes the ability to automatically clean up those entries to prevent multiple executions. syslog will get a copy of the cron entry.
9793155803f506f6e27c18e5277bed947632ef874e5664d5251d4e9d7cb8c507
Routers manufactured by Netcore, a popular brand of networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cyber criminals to easily run arbitrary code on these routers, rendering them untrustworthy as security devices. Some models include a non-standard echo command which doesn't honor -e, and are therefore not currently exploitable with Metasploit. See the URLs or the module markdown for additional options.
23aa19a2ba418a35cd8bbecabd42ee2c073706a9c5dc4bf7724e7a87210b3a29
The login component of the Polycom Command Shell on Polycom HDX video endpoints, running software versions 3.0.5 and earlier, is vulnerable to an authorization bypass when simultaneous connections are made to the service, allowing remote network attackers to gain access to a sandboxed telnet prompt without authentication. Versions prior to 3.0.4 contain OS command injection in the ping command which can be used to execute arbitrary commands as root.
548cc509510583c6e9073f79cf341d4f7d444c54333db5eee6854c756f2f9ecf
Centreon Web Interface versions 2.5.3 and below utilize an ECHO for logging SQL errors. This functionality can be abused for arbitrary code execution, and can be triggered via the login screen prior to authentication.
5c09582d8455d486f9a8b546afc64ba7e1c0033c02c90405893cf9e6a8d35f16
Tiki-Wiki CMS's calendar module contains a remote code execution vulnerability within the viewmode GET parameter. The calendar module is NOT enabled by default. If enabled, the default permissions are set to NOT allow anonymous users to access it.
9131c295c6f0a87ffeed5ec24203a47294ef439eb9e76d9c596efa1d5fafc764
The configuration page in version 7.1.9 and below of op5 allows the ability to test a system command, which can be abused to run arbitrary code as an unprivileged user.
34a689b22e757960916b2b0af3d9484a9d86ebc2d53f95c0c172deab2122b07e
IPFire, a free Linux-based open source firewall distribution, versions prior to 2.19 Update Core 101 contain a remote command execution vulnerability in the proxy.cgi page.
4455d8714ad0f2e393232ebc31503bf395db118a9964e731f57356a841e46f2a
IPFire, a free Linux-based open source firewall distribution, versions 2.15 Update Core 82 and below contain an authenticated remote command execution vulnerability via Shellshock in the request headers.
72f8b0873dc11b2d3d2949fc7e34c4a2aa14b2eba24cd506e1e1251f6aec3dd2
This Metasploit module will exploit the Werkzeug debug console to put down a Python shell. This debugger "must never be used on production machines" but sometimes slips past testing. Tested against 0.9.6 on Debian, 0.9.6 on CentOS, and 0.10 on Debian.
c66135298bdbc3ecf2b75f9d3d628a64cee1d120ca05cf2ddac7c252fa2aba07
B-Hind CMS suffers from an arbitrary file upload vulnerability.
97ed6c0cf971ffd8874955c3bae801f0b8abdec48bef8aefbbae98eba7c9bd3c
CiviCRM version 3.1 Beta 1 suffers from cross site scripting vulnerabilities.
9c385dd7f21fa4b7ac3daee61f0efffca14768b60a3f579137854a0c44a87584
LinkLogger version 2.4.10.15 remote denial of service exploit.
b5ade360e2c755ceed5c64b61b0c0fe4d58b6b8de7528d7ca1d1dcf726061e83
Addonics NAS Adapter remote FTP server denial of service exploit.
873f1ca01bb0427aae2c7f7b63e103edc4b0e3982b7c4fce18737c13327ee837
Addonics NAS Adapter remote denial of service exploit that leverages bts.cgi.
dc0ed7bb8a5d050cf2fc842eb643b436ee5841782f12eaa5d52ac64761bc2222
Addonics NAS adapter post authentication denial of service exploit.
b0c6cced89aa484a6d2f1ac21c2bdc2c20fbb2785596aa7bf5acaa7f417b274b