exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 65 RSS Feed

Files from temp66

Email addresstemp66 at gmail.com
First Active2012-12-10
Last Active2024-09-01
WordPress GI-Media Library Plugin Directory Traversal
Posted Sep 1, 2024
Authored by Roberto S. Soares, temp66 | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in WordPress Plugin GI-Media Library version 2.2.2, allowing to read arbitrary files from the system with the web server privileges. This Metasploit module has been tested successfully on GI-Media Library version 2.2.2 with WordPress 4.1.3 on Ubuntu 12.04 Server.

tags | exploit, web, arbitrary
systems | linux, ubuntu
SHA-256 | 4637d0531dbebb743c37a40d416ad765721de72ea5268f18b423993d68d22ed6
Indusoft WebStudio NTWebServer Remote File Access
Posted Aug 31, 2024
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a directory traversal vulnerability in Indusoft WebStudio. The vulnerability exists in the NTWebServer component and allows to read arbitrary remote files with the privileges of the NTWebServer process. The module has been tested successfully on Indusoft WebStudio 6.1 SP6.

tags | exploit, remote, arbitrary
advisories | CVE-2011-1900
SHA-256 | d242b8007726d97afc7ca45d4fdc57dd3eea44c1e53c5a4a3eff01999ce2fbaa
Veritas Backup Exec Windows Remote File Access
Posted Aug 31, 2024
Authored by H D Moore, temp66 | Site metasploit.com

This Metasploit module abuses a logic flaw in the Backup Exec Windows Agent to download arbitrary files from the system. This flaw was found by someone who wishes to remain anonymous and affects all known versions of the Backup Exec Windows Agent. The output file is in MTF format, which can be extracted by the NTKBUp program listed in the references section. To transfer an entire directory, specify a path that includes a trailing backslash.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2005-2611
SHA-256 | 226940d66a9c4cacaf0a73b81c75fdaea375765b84cbee186b391bbf5c6295da
Atlassian Confluence Data Center And Server Authentication Bypass Via Broken Access Control
Posted Aug 31, 2024
Authored by temp66, Emir Polat | Site metasploit.com

This Metasploit module exploits a broken access control vulnerability in Atlassian Confluence servers leading to an authentication bypass. A specially crafted request can be create new admin account without authentication on the target Atlassian server.

tags | exploit
advisories | CVE-2023-22515
SHA-256 | 4b9c8ff2a00bfcb510bc8d0808226331e1d0aff918dc0237aea9ac812e546033
VBulletin Administrator Account Creation
Posted Aug 31, 2024
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module abuses the "install/upgrade.php" component on vBulletin 4.1+ and 4.5+ to create a new administrator account, as exploited in the wild on October 2013. This Metasploit module has been tested successfully on vBulletin 4.1.5 and 4.1.0.

tags | exploit, php
advisories | CVE-2013-6129
SHA-256 | c24deea47d1ee74b3fe339182867838b53b59f6e667d57d1dedb6d10ded9c962
Netgear PNPX_GetShareFolderList Authentication Bypass
Posted Aug 31, 2024
Authored by temp66, Grant Willcox | Site metasploit.com

This Metasploit module targets an authentication bypass vulnerability in the mini_http binary of several Netgear Routers running firmware versions prior to 1.2.0.88, 1.0.1.80, 1.1.0.110, and 1.1.0.84. The vulnerability allows unauthenticated attackers to reveal the password for the admin user that is used to log into the routers administrative portal, in plaintext. Once the password has been been obtained, the exploit enables telnet on the target router and then utiltizes the auxiliary/scanner/telnet/telnet_login module to log into the router using the stolen credentials of the admin user. This will result in the attacker obtaining a new telnet session as the "root" user. This vulnerability was discovered and exploited by an independent security researcher who reported it to SSD.

tags | exploit, root, bypass
SHA-256 | b64800ebe35ccd348243151eddc846891e371e499d5629a34a60850c0cbe7c61
Webmin Edit_html.cgi File Parameter Traversal Arbitrary File Access
Posted Aug 31, 2024
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a directory traversal in Webmin 1.580. The vulnerability exists in the edit_html.cgi component and allows an authenticated user with access to the File Manager Module to access arbitrary files with root privileges. The module has been tested successfully with Webmin 1.580 over Ubuntu 10.04.

tags | exploit, arbitrary, cgi, root
systems | linux, ubuntu
advisories | CVE-2012-2983
SHA-256 | 6c0a9a2b80ec4a4d227511510ff034d0be1d1387d4299cbb7189ca3bd983eb19
GE Proficy Cimplicity WebView Substitute.bcl Directory Traversal
Posted Aug 31, 2024
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module abuses a directory traversal in GE Proficy Cimplicity, specifically on the gefebt.exe component used by the WebView, in order to retrieve arbitrary files with SYSTEM privileges. This Metasploit module has been tested successfully on GE Proficy Cimplicity 7.5.

tags | exploit, arbitrary
advisories | CVE-2013-0653
SHA-256 | 399b0eee758032932eba32ff6fed11465025c0f8035b5842a50ac246dcef29c6
Firefox PDF.js Browser File Theft
Posted Aug 31, 2024
Authored by temp66, fukusa | Site metasploit.com

This Metasploit module abuses an XSS vulnerability in versions prior to Firefox 39.0.3, Firefox ESR 38.1.1, and Firefox OS 2.2 that allows arbitrary files to be stolen. The vulnerability occurs in the PDF.js component, which uses Javascript to render a PDF inside a frame with privileges to read local files. The in-the-wild malicious payloads searched for sensitive files on Windows, Linux, and OSX. Android versions are reported to be unaffected, as they do not use the Mozilla PDF viewer.

tags | exploit, arbitrary, local, javascript
systems | linux, windows, apple
advisories | CVE-2015-4495
SHA-256 | 51c57f3920e9435bf62bbd93f1635f5a4935408c0f9db23d25b25d8babebaaee
Apache Commons FileUpload and Apache Tomcat Denial of Service
Posted Aug 31, 2024
Authored by temp66, ribeirux | Site metasploit.com

This Metasploit module triggers an infinite loop in Apache Commons FileUpload 1.0 through 1.3 via a specially crafted Content-Type header. Apache Tomcat 7 and Apache Tomcat 8 use a copy of FileUpload to handle mime-multipart requests, therefore, Apache Tomcat 7.0.0 through 7.0.50 and 8.0.0-RC1 through 8.0.1 are affected by this issue. Tomcat 6 also uses Commons FileUpload as part of the Manager application.

tags | exploit
advisories | CVE-2014-0050
SHA-256 | 63eac7fcd95f58645fc48d32a1a79fb24dc1ef11c2c9b732b7c026ca3dac1537
HP Mercury LoadRunner Agent magentproc.exe Remote Command Execution
Posted Dec 30, 2017
Authored by temp66, aushack | Site metasploit.com

This Metasploit module exploits a remote command execution vulnerability in HP LoadRunner before 9.50 and also HP Performance Center before 9.50. HP LoadRunner 12.53 and other versions are also most likely vulnerable if the (non-default) SSL option is turned off. By sending a specially crafted packet, an attacker can execute commands remotely. The service is vulnerable provided the Secure Channel feature is disabled (default).

tags | exploit, remote
advisories | CVE-2010-1549
SHA-256 | 0bfa24b3a3de55a83f6e1af498795fa6d0ddf8b35ad4a3fdfc280bd24cc80dd2
AlienVault USM/OSSIM 5.3.4 / 5.3.5 Remote Command Execution
Posted Apr 14, 2017
Authored by temp66, Peter Lapp | Site metasploit.com

This Metasploit module exploits an unauthenticated command injection in Alienvault USM/OSSIM versions 5.3.4 and 5.3.5. The vulnerability lies in an API function that does not check for authentication and then passes user input directly to a system call as root.

tags | exploit, root
SHA-256 | d72c139011d02b5dd53490824fea6a9d33d4ea93c69d1eaa4c8702f390b4d945
WordPress Ajax Load More PHP Upload
Posted Nov 9, 2015
Authored by temp66 | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress Ajax Load More version 2.8.1.1. It allows you to upload arbitrary php files and get remote code execution. This Metasploit module has been tested successfully on WordPress Ajax Load More 2.8.0 with WordPress 4.1.3 on Ubuntu 12.04/14.04 Server.

tags | exploit, remote, arbitrary, php, code execution, file upload
systems | linux, ubuntu
SHA-256 | 11f7539e7ef47eff9d74ba4f4c35c661e3f3e8bfd87cbe2130c13dbb4e6eb011
Nibbleblog File Upload
Posted Oct 18, 2015
Authored by temp66 | Site metasploit.com

Nibbleblog contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. This Metasploit module was tested on version 4.0.3.

tags | exploit, remote, arbitrary, php
SHA-256 | 242036a885cccb63f5c9c28d79b7d7806419522622349b78f0a9c6bab6968a41
Firefox PDF.js Privileged Javascript Injection
Posted Aug 23, 2015
Authored by temp66, joev, Marius Mlynski | Site metasploit.com

This Metasploit module gains remote code execution on Firefox 35-36 by abusing a privilege escalation bug in resource:// URIs. PDF.js is used to exploit the bug. This exploit requires the user to click anywhere on the page to trigger the vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2015-0816
SHA-256 | c7380b4bd424349eceddb0191b851de4ff91a0a5afb8b3430ceffce5b834c992
Adobe Flash opaqueBackground Use After Free
Posted Jul 13, 2015
Authored by sinn3r, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits an use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public on its July 2015 data leak, was described as an Use After Free while handling the opaqueBackground property 7 setter of the flash.display.DisplayObject class. This Metasploit module is an early release tested on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.203, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.194, Windows 7 SP1 (32-bit), IE9 and Adobe Flash Flash 18.0.0.203, Windows 7 SP1 (32-bit), Firefox + Adobe Flash 18.0.0.194, windows 8.1, Firefox and Adobe Flash 18.0.0.203, Windows 8.1, Firefox and Adobe Flash 18.0.0.160, and Windows 8.1, Firefox and Adobe Flash 18.0.0.194

tags | exploit
systems | windows
advisories | CVE-2015-5122
SHA-256 | 8ce9c20b7334d2feb9c4fe25343ecb322adf1f1d89bf09897d3a0ae1ed81bb41
Adobe Flash Player ByteArray Use After Free
Posted Jul 8, 2015
Authored by sinn3r, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public on its July 2015 data leak, was described as a Use After Free while handling ByteArray objects. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.194, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.194, Windows 8.1 (32-bit), Firefox and Adobe Flash 18.0.0.194, Windows 8.1 (32-bit), IE11 and Flash 17.0.0.169, and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.468.

tags | exploit
systems | linux, windows
advisories | CVE-2015-5119
SHA-256 | 41ca06ad850b25d5a2ca76c0d342a370ac7d388de97dc2ba2d73946fcb6a325b
Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow
Posted Jul 3, 2015
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a buffer overflow on Adobe Flash Player when handling nellymoser encoded audio inside a FLV video, as exploited in the wild on June 2015. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160, Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160, Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.466, and Ubuntu 14.04.2 LTS, Firefox 35.01, and Adobe Flash 11.2.202.466. Note that this exploit is effective against both CVE-2015-3113 and the earlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression to the same root cause as CVE-2015-3043.

tags | exploit, overflow, root
systems | linux, windows, ubuntu
advisories | CVE-2015-3043, CVE-2015-3113
SHA-256 | df6c07c8c61e9ddc1ee258859a800c72ade8287343881e5bac8140e590346c42
Adobe Flash Player Drawing Fill Shader Memory Corruption
Posted Jun 27, 2015
Authored by Chris Evans, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a memory corruption happening when applying a Shader as a drawing fill as exploited in the wild on June 2015. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.188, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.188, Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.188, and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.460.

tags | exploit
systems | linux, windows
advisories | CVE-2015-3105
SHA-256 | a2184f47ed1174e50ad69f7fd1808a0bfb8843fb0450d0e5bd5891aa520131cd
Microsoft Windows ClientCopyImage Improper Object Handling
Posted Jun 22, 2015
Authored by temp66, OJ Reeves, hfirefox | Site metasploit.com

This Metasploit module exploits improper object handling in the win32k.sys kernel mode driver. This Metasploit module has been tested on vulnerable builds of Windows 7 x64 and x86, and Windows 2008 R2 SP1 x64.

tags | exploit, x86, kernel
systems | windows
advisories | CVE-2015-1701
SHA-256 | 1b4009bd1a5cf1594526be1c3c92cca6c5d12b793c2e559d0e4e7218d3be8242
Adobe Flash Player ShaderJob Buffer Overflow
Posted Jun 19, 2015
Authored by Chris Evans, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability related to the ShaderJob workings on Adobe Flash Player. The vulnerability happens when trying to apply a Shader setting up the same Bitmap object as src and destination of the ShaderJob. Modifying the "width" attribute of the ShaderJob after starting the job it's possible to create a buffer overflow condition where the size of the destination buffer and the length of the copy are controlled.

tags | exploit, overflow
advisories | CVE-2015-3090
SHA-256 | 85ac61cf4df86a48ba3ebb5575fe809cd20d6d403d015526e3943526ed3262d0
Adobe Flash Player domainMemory ByteArray Use After Free
Posted May 7, 2015
Authored by juan vazquez, temp66, hdarwin, bilou | Site metasploit.com

This Metasploit module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, when forcing a reallocation by copying more contents than the original capacity, but Flash forgets to update the domainMemory pointer, leading to a use-after-free situation when the main worker references the domainMemory again. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 17.0.0.134.

tags | exploit
systems | windows
advisories | CVE-2015-0359
SHA-256 | 35afddd5d3435bc9a7d573d702fbd4a8ffa05be42f3a36a7f8f99095dcaea8ed
Adobe Flash Player NetConnection Type Confusion
Posted May 7, 2015
Authored by juan vazquez, temp66, Natalie Silvanovich | Site metasploit.com

This Metasploit module exploits a type confusion vulnerability in the NetConnection class on Adobe Flash Player. When using a correct memory layout this vulnerability allows to corrupt arbitrary memory. It can be used to overwrite dangerous objects, like vectors, and finally accomplish remote code execution. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 16.0.0.305.

tags | exploit, remote, arbitrary, code execution
systems | windows
advisories | CVE-2015-0336
SHA-256 | 177e5f47d74fe85d6aa8d57dccbc5f1b1e2484a8de35f89d42b20aef2b6ffe99
Adobe Flash Player UncompressViaZlibVariant Uninitialized Memory
Posted May 1, 2015
Authored by Nicolas Joly, juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits an uninitialized memory vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, which fails to initialize allocated memory. When using a correct memory layout this vulnerability leads to a ByteArray object corruption, which can be abused to access and corrupt memory. This Metasploit module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 15.0.0.189.

tags | exploit
systems | windows
advisories | CVE-2014-8440
SHA-256 | 5e90527feb81af64901755b776a489cf3494498219d1281419ecb16f62818f6f
WordPress Reflex Gallery Upload
Posted Apr 19, 2015
Authored by temp66 | Site metasploit.com

This Metasploit module exploits an arbitrary PHP code upload in the WordPress Reflex Gallery version 3.1.3. The vulnerability allows for arbitrary file upload and remote code execution.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | OSVDB-88853
SHA-256 | 66a2afe428abc2bc5fd7a07e29076cf8d642726dfba85da1125d083fa522fa6e
Page 1 of 3
Back123Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close