This exploit is a local root brute-force exploit for SquirrelMail chpasswd. It allows an attacker to gain root privileges on a system by exploiting a vulnerability in the chpasswd program. The exploit uses a buffer overflow to overwrite the return address on the stack and execute arbitrary code with root privileges. The exploit requires the attacker to have access to an account belonging to the webmaster, www, or other web server groups.
This module connects to the target system and executes the necessary commands to run the specified payload via SSH. If a native payload is specified, an appropriate stager will be used.
This module exploits a file upload vulnerability in SysAid Help Desk. The vulnerability exists in ChangePhoto.jsp in the administrator portal, which does not correctly handle directory traversal sequences and does not enforce file extension restrictions. While an attacker needs an administrator account in order to leverage this vulnerability, there is a related Metasploit auxiliary module which can create this account under some circumstances. This module has been tested on SysAid v14.4 on both Linux and Windows.
This exploit takes advantage of a remote file inclusion vulnerability in FlashBB version 1.1.7. By manipulating the 'phpbb_root_path' parameter of the 'sendmsg.php' file, an attacker can execute arbitrary code on the target system. The exploit URL format is 'http://site.com/[path]/phpbb/sendmsg.php?phpbb_root_path=[Evil_Script]'.
This module exploits CVE-2014-9390, which affects Git (versions less than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1) and Mercurial (versions less than 3.2.3) and describes three vulnerabilities. On operating systems which have case-insensitive file systems, like Windows and OS X, Git clients can be convinced to retrieve and overwrite sensitive configuration files in the .git directory which can allow arbitrary code execution if a vulnerable client can be convinced to perform certain actions (for example, a checkout) against a malicious Git repository. A second vulnerability with similar characteristics also exists in both Git and Mercurial clients, on HFS+ file systems (Mac OS X) only, where certain Unicode codepoints are ignorable. The third vulnerability with similar characteristics only affects Mercurial clients on Windows, where Windows "short names" (MS-DOS-compatible 8.3 format) are supported. Today this module only truly supports the first vulnerability (Git clients on case-insensitive file systems) but has the functionality to support the remaining two with a little work.
ExaGrid ships a public/private key pair on their backup appliances to allow passwordless authentication to other ExaGrid appliances. Since the private key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. Additionally, this module will attempt to use the default password for root, 'inflection'.
This module exploits a privilege escalation issue in the WebView component of Android < 4.2 that arises when untrusted JavaScript code is executed by a WebView that has one or more Interfaces added to it. The untrusted JavaScript code can call into the Java Reflection APIs exposed by the Interface and execute arbitrary commands. Some distributions of the Android Browser app have an addJavascriptInterface call tacked on, and thus are vulnerable to RCE. The Browser app in the Google APIs 4.1.2 release of Android is known to be vulnerable. A secondary attack vector involves the WebViews embedded inside a large number of Android applications. Ad integrations are perhaps the worst offender here. If you can MITM the WebView's HTTP connection, or if you can get a persistent XSS into the page displayed in the WebView, then you can inject the HTML/JS served by this module and get a shell.
This exploit allows an attacker to execute SQL queries and retrieve sensitive information such as the admin username and MD5 hash. The vulnerability exists in OpenLD version 1.2.2 and earlier. By manipulating the 'id' parameter in the URL, an attacker can inject SQL code and retrieve data from the 'settings' table.
Remote buffer overflow vulnerability in DiskSorter Enterprise 9.5.12 allows remote attackers to execute arbitrary code via a crafted GET request.
SQL injection in the ID parameter of inferno.php, a mod for vBulletin, which can be used to retrieve the admin password hash and salt.