Channel: Files from juan vazquez ≈ Packet Storm

MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape

This Metasploit module abuses a process creation policy in Internet Explorer's sandbox, specifically the Microsoft Remote Desktop Services Web Proxy IE one, which allows the attacker to escape the...

Java JMX Server Insecure Configuration Java Code Execution

This Metasploit module takes advantage of a Java JMX interface insecure configuration, which would allow loading classes from any remote (HTTP) URL. JMX interfaces with authentication disabled...

X360 VideoPlayer ActiveX Control Buffer Overflow

This Metasploit module exploits a buffer overflow in the VideoPlayer.ocx ActiveX installed with the X360 Software. By setting an overly long value to 'ConvertFile()', an attacker can overrun a .data...

HP Client Automation Command Injection

This Metasploit module exploits a command injection vulnerability on HP Client Automation, currently distributed as Persistent Systems Client Automation. The vulnerability exists in the Notify Daemon...

Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free

This Metasploit module exploits a use after free vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, when trying to uncompress() a...

ElasticSearch Search Groovy Sandbox Bypass

This Metasploit module exploits a remote command execution (RCE) vulnerability in ElasticSearch, exploitable by default on ElasticSearch prior to 1.4.3. The bug is found in the REST API, which does not...

Microsoft Windows Shell File Format LNK Code Execution

This Metasploit module exploits a vulnerability in the MS10-046 patch to abuse (again) the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This...

Microsoft Windows Shell SMB LNK Code Execution

This Metasploit module exploits a vulnerability in the MS10-046 patch to abuse (again) the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This...

WordPress W3 Total Cache PHP Code Execution

This Metasploit module exploits a PHP Code Injection vulnerability against the WordPress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as...

Adobe Flash Player ByteArray With Workers Use After Free

This Metasploit module exploits a use after free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an...

Adobe Flash Player casi32 Integer Overflow

This Metasploit module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the casi32 method, where an integer overflow occurs if a ByteArray of length 0 is set up as...

Adobe Flash Player copyPixelsToByteArray Integer Overflow

This Metasploit module exploits an integer overflow in Adobe Flash Player. The vulnerability occurs in the copyPixelsToByteArray method from the BitmapData object. The position field of the destination...

Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory

This Metasploit module exploits an uninitialized memory vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, which fails to initialize...

Adobe Flash Player NetConnection Type Confusion

This Metasploit module exploits a type confusion vulnerability in the NetConnection class on Adobe Flash Player. When using a correct memory layout this vulnerability allows corrupting arbitrary...

Group Policy Script Execution From Shared Resource

This is a general-purpose module for exploiting systems with Windows Group Policy configured to load VBS startup/logon scripts from remote locations. This Metasploit module runs an SMB shared resource...

Adobe Flash Player domainMemory ByteArray Use After Free

This Metasploit module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript...

Adobe Flash Player ShaderJob Buffer Overflow

This Metasploit module exploits a buffer overflow vulnerability related to the ShaderJob workings on Adobe Flash Player. The vulnerability happens when trying to apply a Shader setting up the same...

Adobe Flash Player Drawing Fill Shader Memory Corruption

This Metasploit module exploits a memory corruption happening when applying a Shader as a drawing fill as exploited in the wild in June 2015. This Metasploit module has been tested successfully on:...

Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow

This Metasploit module exploits a buffer overflow in Adobe Flash Player when handling Nellymoser-encoded audio inside a FLV video, as exploited in the wild in June 2015. This Metasploit module has been...

Adobe Flash Player ByteArray Use After Free

This Metasploit module exploits a use after free in Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public in its July 2015 data leak, was described as a Use After Free while...

Adobe Flash opaqueBackground Use After Free

This Metasploit module exploits a use after free in Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public in its July 2015 data leak, was described as a Use After Free...

MS15-078 Microsoft Windows Font Driver Buffer Overflow

This Metasploit module exploits a pool-based buffer overflow in the atmfd.dll driver when parsing a malformed font. The vulnerability was exploited by Hacking Team and disclosed in the July data...

HP SiteScope DNS Tool Command Injection

This Metasploit module exploits a command injection vulnerability discovered in HP SiteScope 11.30 and earlier versions (tested in 11.26 and 11.30). The vulnerability exists in the DNS Tool allowing an...

Jenkins CLI RMI Java Deserialization

This Metasploit module exploits a vulnerability in Jenkins. An unsafe deserialization bug exists on the Jenkins master, which allows remote arbitrary code execution. Authentication is not required to...

Log4Shell HTTP Header Injection

This Metasploit module will exploit an HTTP endpoint with the Log4Shell vulnerability by injecting a format message that will trigger an LDAP connection to Metasploit and load a payload. The Automatic...
