|
CVE-1999-0502
DB2 Authentication Brute Force Utility
|
|
This module attempts to authenticate against a DB2 instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. |
|
CVE-1999-0502
FTP Authentication Scanner
|
|
This module will test FTP logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. |
|
CVE-1999-0502
Dell iDRAC default Login
|
|
This module attempts to log in to an iDRAC web server instance using the default username and password. Tested against Dell Remote Access Controller 6 - Express version 1.50 and 1.85. |
|
CVE-1999-0502
DLink DIR-300A / DIR-320 / DIR-615D HTTP Login Utility
|
|
This module attempts to authenticate to different DLink HTTP management services. It has been tested on D-Link DIR-300 Hardware revision A, D-Link DIR-615 Hardware revision D and D-Link DIR-320 devices. It is possible that this module also works with other models. |
|
CVE-1999-0502
DLink DIR-615H HTTP Login Utility
|
|
This module attempts to authenticate to different DLink HTTP management services. It has been tested successfully on D-Link DIR-615 Hardware revision H devices. It is possible that this module also works with other models. |
|
CVE-1999-0502
DLink DIR-300B / DIR-600B / DIR-815 / DIR-645 HTTP Login Utility
|
|
This module attempts to authenticate to different DLink HTTP management services. It has been tested successfully on D-Link DIR-300 Hardware revision B, D-Link DIR-600 Hardware revision B, D-Link DIR-815 Hardware revision A and DIR-645 Hardware revision A devices. It is possible that this module also works with other models. |
|
CVE-1999-0502
HTTP Login Utility
|
|
This module attempts to authenticate to an HTTP service. |
|
CVE-1999-0502
Tomcat Application Manager Login Utility
|
|
This module simply attempts to log in to a Tomcat Application Manager instance using a specific user/pass. |
|
CVE-1999-0502
MySQL Login Utility
|
|
This module simply queries the MySQL instance for a specific user/pass (default is root with blank). |
|
CVE-1999-0502
Oracle RDBMS Login Utility
|
|
This module attempts to authenticate against an Oracle RDBMS instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. |
|
CVE-1999-0502
PcAnywhere Login Scanner
|
|
This module will test pcAnywhere logins on a range of machines and report successful logins. |
|
CVE-1999-0502
PostgreSQL Login Utility
|
|
This module attempts to authenticate against a PostgreSQL instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. |
|
CVE-1999-0502
rexec Authentication Scanner
|
|
This module will test an rexec service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports (below 1024). |
|
CVE-1999-0502
rlogin Authentication Scanner
|
|
This module will test an rlogin service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports (below 1024). |
|
CVE-1999-0502
rsh Authentication Scanner
|
|
This module will test a shell (rsh) service on a range of machines and report successful logins. NOTE: This module requires access to bind to privileged ports (below 1024). |
|
CVE-1999-0502
SSH Login Check Scanner
|
|
This module will test ssh logins on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. |
|
CVE-1999-0502
Telnet Login Check Scanner
|
|
This module will test a telnet login on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. |
|
CVE-1999-0502
VMWare Authentication Daemon Login Scanner
|
|
This module will test vmauthd logins on a range of machines and report successful logins. |
|
CVE-1999-0502
VMWare Web Login Scanner
|
|
This module attempts to authenticate to the VMware HTTP service for VMware Server, ESX, and ESXi. |
|
CVE-1999-0502
WinRM Login Utility
|
|
This module attempts to authenticate to a WinRM service. It currently works only if the remote end allows Negotiate(NTLM) authentication. Kerberos is not currently supported. Please note: in order to use this module without SSL, the 'AllowUnencrypted' winrm option must be set. Otherwise adjust the port and set the SSL options in the module as appropriate. |
|
CVE-1999-0502
SSH User Code Execution
|
|
This module utilizes a stager to upload a base64 encoded binary which is then decoded, chmod'ed and executed from the command shell. |
|
CVE-2001-0797
System V Derived /bin/login Extraneous Arguments Buffer Overflow
|
|
This exploit connects to a system's modem over dialup and exploits a buffer overflow vulnerability in its System V derived /bin/login. The vulnerability is triggered by providing a large number of arguments. |
|
CVE-2001-0797
Solaris in.telnetd TTYPROMPT Buffer Overflow
|
|
This module uses a buffer overflow in the Solaris 'login' application to bypass authentication in the telnet daemon. |
|
CVE-2001-1583
Solaris LPD Command Execution
|
|
This module exploits an arbitrary command execution flaw in the in.lpd service shipped with all versions of Sun Solaris up to and including 8.0. This module uses a technique discovered by Dino Dai Zovi to exploit the flaw without needing to know the resolved name of the attacking system. |
|
CVE-2003-0027
Solaris KCMS + TTDB Arbitrary File Read
|
|
This module targets a directory traversal vulnerability in the kcms_server component from the Kodak Color Management System. By utilizing the ToolTalk Database Server's TT_ISBUILD procedure, an attacker can bypass existing directory traversal validation and read arbitrary files. Vulnerable systems include Solaris 2.5 - 9 SPARC and x86. Both kcms_server and rpc.ttdbserverd must be running on the target host. |
|
CVE-2003-0201
Samba trans2open Overflow (*BSD x86)
|
|
This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the flaw on x86 Linux systems that do not have the noexec stack option set. |
|
CVE-2003-0201
Samba trans2open Overflow (Linux x86)
|
|
This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the flaw on x86 Linux systems that do not have the noexec stack option set. NOTE: Some older versions of RedHat do not seem to be vulnerable since they apparently do not allow anonymous access to IPC. |
|
CVE-2003-0201
Samba trans2open Overflow (Mac OS X PPC)
|
|
This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the bug on Mac OS X PowerPC systems. |
|
CVE-2003-0201
Samba trans2open Overflow (Solaris SPARC)
|
|
This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8. This particular module is capable of exploiting the flaw on Solaris SPARC systems that do not have the noexec stack option set. Big thanks to MC and valsmith for resolving a problem with the beta version of this module. |
|
CVE-2003-0694
Sendmail SMTP Address prescan <= 8.12.8 Memory Corruption
|
|
This is a proof of concept denial of service module for Sendmail versions 8.12.8 and earlier. The vulnerability is within the prescan() method when parsing SMTP headers. Due to the prescan function, only 0x5c and 0x00 bytes can be used, limiting the likelihood for arbitrary code execution. |
|
CVE-2003-0722
Solaris sadmind Command Execution
|
|
This exploit targets a weakness in the default security settings of the sadmind RPC application. This server is installed and enabled by default on most versions of the Solaris operating system. Vulnerable systems include Solaris 2.7, 8, and 9. |
|
CVE-2005-3398
HTTP Options Detection
|
|
Display available HTTP options for each system |
|
CVE-2005-4797
Solaris LPD Arbitrary File Delete
|
|
This module uses a vulnerability in the Solaris line printer daemon to delete arbitrary files on an affected system. This can be used to exploit the rpc.walld format string flaw, the missing krb5.conf authentication bypass, or simply delete system files. Tested on Solaris 2.6, 7, 8, 9, and 10. |
|
CVE-2007-0882
Sun Solaris Telnet Remote Authentication Bypass Vulnerability
|
|
This module exploits the argument injection vulnerability in the telnet daemon (in.telnetd) of Solaris 10 and 11. |
|
CVE-2008-4556
Sun Solaris sadmind adm_build_path() Buffer Overflow
|
|
This module exploits a buffer overflow vulnerability in the adm_build_path() function of the sadmind daemon. The distributed system administration daemon (sadmind) is the daemon used by Solstice AdminSuite applications to perform distributed system administration operations. The sadmind daemon is started automatically by the inetd daemon whenever a request to invoke an operation is received. The sadmind daemon process continues to run for 15 minutes after the last request is completed, unless a different idle-time is specified with the -i command line option. The sadmind daemon may be started independently from the command line, for example, at system boot time. In this case, the -i option has no effect; sadmind continues to run, even if there are no active requests. |