Calibre 7.15.0 Python Code Injection
This Metasploit module exploits a Python code injection vulnerability in the Content Server component of Calibre version 6.9.0 through 7.15.0. Once enabled (disabled by default), it will listen in its...
DiCal-RED 4009 Missing Authentication
DiCal-RED version 4009 provides a Telnet service on TCP port 23. This service grants access to an interactive shell as the system's root user and does not require authentication.
DiCal-RED 4009 Missing Authentication
DiCal-RED version 4009 provides an FTP service on TCP port 21. This service allows anonymous access, i.e. logging in as the user "anonymous" with an arbitrary password. Anonymous users get read access...
DiCal-RED 4009 Information Disclosure
DiCal-RED version 4009 provides a network server on TCP port 2101. This service does not seem to process any input, but it regularly sends data to connected clients. This includes operation messages...
GNUnet P2P Framework 0.22.0
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer...
7-Technologies IGSS 9 IGSSdataServer.exe Denial Of Service
The 7-Technologies SCADA IGSS Data Server (IGSSdataServer.exe) versions 9.0.0.10306 and below can be brought down by sending a crafted TCP packet to port 12401.
Apache mod_isapi Dangling Pointer
This Metasploit module triggers a use-after-free vulnerability in the Apache Software Foundation mod_isapi extension for versions 2.2.14 and earlier. In order to reach the vulnerable code, the target...
Juniper JunOS Malformed TCP Option
This Metasploit module exploits a denial of service vulnerability in Juniper Networks JunOS router operating system. By sending a TCP packet with TCP option 101 set, an attacker can cause an affected...
Apache ZooKeeper Information Disclosure
Apache ZooKeeper server service runs on TCP 2181 and by default, it is accessible without any authentication. This Metasploit module targets Apache ZooKeeper service instances to extract information...
CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure
This Metasploit module sends a query to the port 264/TCP on CheckPoint Firewall-1 firewalls to obtain the firewall name and management station (such as SmartCenter) name via a pre-authentication...
WPAD.dat File Server
This Metasploit module generates a valid wpad.dat file for WPAD mitm attacks. Usually this module is used in combination with DNS attacks or the NetBIOS Name Service Spoofer module. Please remember as...
PhoenixContact PLC Remote START/STOP Command
PhoenixContact Programmable Logic Controllers are built upon a variant of ProConOS. They communicate using a proprietary protocol over ports TCP/1962 and TCP/41100 or TCP/20547. It allows a remote user to...
Netgear R6700v3 Unauthenticated LAN Admin Password Reset
This Metasploit module targets ZDI-20-704 (aka CVE-2020-10924), a buffer overflow vulnerability in the UPNP daemon (/usr/sbin/upnpd), on Netgear R6700v3 routers running firmware versions from V1.0.2.62...
Sielco Sistemi Winlog Remote File Access
This Metasploit module exploits a directory traversal in Sielco Sistemi Winlog. The vulnerability exists in the Runtime.exe service and can be triggered by sending a specially crafted packet to the...
Titan FTP Administrative Password Disclosure
On Titan FTP servers prior to version 9.14.1628, an attacker can retrieve the username and password for the administrative XML-RPC interface, which listens on TCP Port 31001 by default, by sending an...
SurgeNews User Credentials
This Metasploit module exploits a vulnerability in the WebNews web interface of SurgeNews on TCP ports 9080 and 8119 which allows unauthenticated users to download arbitrary files from the software...
EasyCafe Server Remote File Access
This Metasploit module exploits a file retrieval vulnerability in EasyCafe Server. The vulnerability can be triggered by sending a specially crafted packet (opcode 0x43) to the 831/TCP port. This...
Ray Sharp DVR Password Retriever
This Metasploit module takes advantage of a protocol design issue with the Ray Sharp based DVR systems. It is possible to retrieve the username and password through the TCP service running on port...
Novell ZENworks Configuration Management Preboot Service Remote File Access
This Metasploit module exploits a directory traversal in the ZENworks Configuration Management. The vulnerability exists in the Preboot service and can be triggered by sending a specially crafted...
Samhain File Integrity Checker 4.5.1
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server....
GNUnet P2P Framework 0.22.1
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer...
GNUnet P2P Framework 0.22.2
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer...