-
invscout RPM Privilege Escalation
Disclosure Date: 2023-04-24
First seen: 2023-09-11
exploit/aix/local/invscout_rpm_priv_esc
This module exploits a command injection vulnerability in IBM AIX invscout set-uid root utility present in AIX 7.2 and earlier. The undocumented -rpm argument can be used to install an RPM file; and the undocumented -o argument passes arguments to the rpm utility without validation, leading to command injection with effective-uid root privileges. This module has been tested successfully on AIX 7.2.
Authors: Tim Brown, bcoles <bcoles@gmail.com>
-
SSL/TLS Version Detection
Disclosure Date: 2014-10-14
First seen: 2022-12-23
auxiliary/scanner/ssl/ssl_version
Check if a server supports a given version of SSL/TLS and cipher suites. The certificate is stored in loot, and any known vulnerabilities against that SSL version and cipher suite combination are checked. These checks include POODLE, deprecated protocols, expired/not valid certs, low key strength, null cipher suites, certificates signed with MD5, DROWN, RC4 ciphers, exportable ciphers, LOGJAM, and BEAST.
Authors: todb <todb@metasploit.com>, et <et@metasploit.com>, Chris John Riley, Veit Hailperin <hailperv@gmail.com>, h00die
-
ibstat $PATH Privilege Escalation
Disclosure Date: 2013-09-24
First seen: 2020-04-26
exploit/aix/local/ibstat_path
This module exploits the trusted $PATH environment variable of the SUID binary "ibstat".
Authors: Kristian Erik Hermansen, Sagi Shahar <sagi.shahar@mwrinfosecurity.com>, Kostas Lintovois <kostas.lintovois@mwrinfosecurity.com>
-
AIX Calendar Manager Service Daemon (rpc.cmsd) Opcode 21 Buffer Overflow
Disclosure Date: 2009-10-07
First seen: 2020-04-26
exploit/aix/rpc_cmsd_opcode21
This module exploits a buffer overflow vulnerability in opcode 21 handled by rpc.cmsd on AIX. By making a request with a long string passed to the first argument of the "rtable_create" RPC, a stack based buffer overflow occurs. This leads to arbitrary code execution. NOTE: Unsuccessful attempts may cause inetd/portmapper to enter a state where further attempts are not possible.
Authors: Rodrigo Rubira Branco (BSDaemon), jduck <jduck@metasploit.com>
-
ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX)
Disclosure Date: 2009-06-17
First seen: 2020-04-26
exploit/aix/rpc_ttdbserverd_realpath
This module exploits a buffer overflow vulnerability in _tt_internal_realpath function of the ToolTalk database server (rpc.ttdbserverd).
Authors: Ramon de C Valle <rcvalle@metasploit.com>, Adriano Lima <adriano@risesecurity.org>
-
Sendmail SMTP Address prescan Memory Corruption
Disclosure Date: 2003-09-17
First seen: 2020-04-26
auxiliary/dos/smtp/sendmail_prescan
This is a proof of concept denial of service module for Sendmail versions 8.12.8 and earlier. The vulnerability is within the prescan() method when parsing SMTP headers. Due to the prescan function, only 0x5c and 0x00 bytes can be used, limiting the likelihood for arbitrary code execution.
Authors: aushack <patrick@osisecurity.com.au>
-
Solaris in.telnetd TTYPROMPT Buffer Overflow
Disclosure Date: 2002-01-18
First seen: 2020-04-26
exploit/solaris/telnet/ttyprompt
This module uses a buffer overflow in the Solaris 'login' application to bypass authentication in the telnet daemon.
Authors: MC <mc@metasploit.com>, cazz <bmc@shmoo.com>
-
System V Derived /bin/login Extraneous Arguments Buffer Overflow
Disclosure Date: 2001-12-12
First seen: 2020-04-26
exploit/dialup/multi/login/manyargs
This exploit connects to a system's modem over dialup and exploits a buffer overflow vulnerability in its System V derived /bin/login. The vulnerability is triggered by providing a large number of arguments.
Authors: I)ruid <druid@caughq.org>
8 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.