Metasploit modules that can be used to exploit Rapid7 products
-
Rapid7 Metasploit Framework msfvenom APK Template Command Injection
Disclosure Date: 2020-10-29First seen: 2020-11-10exploit/unix/fileformat/metasploit_msfvenom_apk_template_cmd_injectionThis module exploits a command injection vulnerability in Metasploit Framework's msfvenom payload generator when using a crafted APK file as an Android payload template. Affects Metasploit Framework <= 6.0.11 and Metasploit Pro <= 4.18.0. The file produced by this module is a relatively empty yet valid-enough APK file. To trigger the vulnerability, the victim user should do the following: msfvenom -p android/<...> -x <crafted_file.apk> Authors: - Justin Steven -
Metasploit Libnotify Plugin Arbitrary Command Execution
Disclosure Date: 2020-03-04First seen: 2020-04-26exploit/unix/fileformat/metasploit_libnotify_cmd_injectionThis module exploits a shell command injection vulnerability in the libnotify plugin. This vulnerability affects Metasploit versions 5.0.79 and earlier. Authors: - pasta <jaguinaga@faradaysec.com> -
Metasploit HTTP(S) handler DoS
Disclosure Date: 2019-09-04First seen: 2020-04-26auxiliary/dos/http/metasploit_httphandler_dosThis module exploits the Metasploit HTTP(S) handler by sending a specially crafted HTTP request that gets added as a resource handler. Resources (which come from the external connections) are evaluated as RegEx in the handler server. Specially crafted input can trigger Gentle, Soft and Hard DoS. Tested against Metasploit 5.0.20. Authors: - Jose Garduno, Dreamlab Technologies AG - Angelo Seiler, Dreamlab Technologies AG
3 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details