• Apache Tomcat Manager Application Deployer Authenticated Code Execution
    Disclosure Date: 2009-11-09
    First seen: 2020-04-26
    exploit/multi/http/tomcat_mgr_deploy
    This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a PUT request. The manager application can also be abused using /manager/html/upload, but that method is not implemented in this module. NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads. Authors: - jduck <jduck@metasploit.com>
  • Apache Tomcat Manager Authenticated Upload Code Execution
    Disclosure Date: 2009-11-09
    First seen: 2020-04-26
    exploit/multi/http/tomcat_mgr_upload
    This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a POST request against the /manager/html/upload component. NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads. Authors: - rangercha
  • IBM Tivoli Storage Manager Express RCA Service Buffer Overflow
    Disclosure Date: 2009-11-04
    First seen: 2020-04-26
    exploit/windows/misc/ibm_tsm_rca_dicugetidentify
    This module exploits a stack buffer overflow in the IBM Tivoli Storage Manager Express Remote Client Agent service. By sending a "dicuGetIdentify" request packet containing a long NodeName parameter, an attacker can execute arbitrary code. NOTE: this exploit first connects to the CAD service to start the RCA service and obtain the port number on which it runs. This service does not restart. Authors: - jduck <jduck@metasploit.com>
  • IBM Tivoli Storage Manager Express CAD Service Buffer Overflow
    Disclosure Date: 2009-11-04
    First seen: 2020-04-26
    exploit/windows/misc/ibm_tsm_cad_ping
    This module exploits a stack buffer overflow in the IBM Tivoli Storage Manager Express CAD Service. By sending a "ping" packet containing a long string, an attacker can execute arbitrary code. NOTE: the dsmcad.exe service must be in a particular state (CadWaitingStatus = 1) in order for the vulnerable code to be reached. This state doesn't appear to be reachable when the TSM server is not running. This service does not restart. Authors: - jduck <jduck@metasploit.com>
  • AIX Calendar Manager Service Daemon (rpc.cmsd) Opcode 21 Buffer Overflow
    Disclosure Date: 2009-10-07
    First seen: 2020-04-26
    exploit/aix/rpc_cmsd_opcode21
    This module exploits a buffer overflow vulnerability in opcode 21 handled by rpc.cmsd on AIX. By making a request with a long string passed to the first argument of the "rtable_create" RPC, a stack based buffer overflow occurs. This leads to arbitrary code execution. NOTE: Unsuccessful attempts may cause inetd/portmapper to enter a state where further attempts are not possible. Authors: - Rodrigo Rubira Branco (BSDaemon) - jduck <jduck@metasploit.com>
  • ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX)
    Disclosure Date: 2009-06-17
    First seen: 2020-04-26
    exploit/aix/rpc_ttdbserverd_realpath
    This module exploits a buffer overflow vulnerability in _tt_internal_realpath function of the ToolTalk database server (rpc.ttdbserverd). Authors: - Ramon de C Valle <rcvalle@metasploit.com> - Adriano Lima <adriano@risesecurity.org>
  • IBM Access Support ActiveX Control Buffer Overflow
    Disclosure Date: 2009-03-24
    First seen: 2020-04-26
    exploit/windows/browser/ibmegath_getxmlvalue
    This module exploits a stack buffer overflow in IBM Access Support. When sending an overly long string to the GetXMLValue() method of IbmEgath.dll (3.20.284.0) an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com>
  • IBM System Director Agent DLL Injection
    Disclosure Date: 2009-03-10
    First seen: 2020-04-26
    exploit/windows/misc/ibm_director_cim_dllinject
    This module abuses the "wmicimsv" service on IBM System Director Agent 5.20.3 to accomplish arbitrary DLL injection and execute arbitrary code with SYSTEM privileges. In order to accomplish remote DLL injection it uses a WebDAV service as disclosed by kingcope in December 2012. Because of this, the target host must have the WebClient service (WebDAV Mini-Redirector) enabled. It is enabled and automatically started by default on Windows XP SP3, but disabled by default on Windows 2003 SP2. Authors: - Bernhard Mueller - kingcope - juan vazquez <juan.vazquez@metasploit.com>
  • IBM Lotus Domino Sametime STMux.exe Stack Buffer Overflow
    Disclosure Date: 2008-05-21
    First seen: 2020-04-26
    exploit/windows/lotus/domino_sametime_stmux
    This module exploits a stack buffer overflow in Lotus Domino's Sametime Server. By sending an overly long POST request to the Multiplexer STMux.exe service we are able to overwrite SEH. Based on the exploit by Manuel Santamarina Suarez. Authors: - aushack <patrick@osisecurity.com.au> - riaf <riaf@mysec.org>
  • IBM Lotus Domino Web Server Accept-Language Stack Buffer Overflow
    Disclosure Date: 2008-05-20
    First seen: 2020-04-26
    exploit/windows/lotus/domino_http_accept_language
    This module exploits a stack buffer overflow in IBM Lotus Domino Web Server prior to version 7.0.3FP1 and 8.0.1. This flaw is triggered by any HTTP request with an Accept-Language header greater than 114 bytes. Authors: - Fairuzan Roslan <riaf@mysec.org> - Earl Marcus klks <Earl Marcus klks@mysec.org>
  • IBM Lotus Domino Web Access Upload Module Buffer Overflow
    Disclosure Date: 2007-12-20
    First seen: 2020-04-26
    exploit/windows/browser/ibmlotusdomino_dwa_uploadmodule
    This module exploits a stack buffer overflow in IBM Lotus Domino Web Access Upload Module. By sending an overly long string to the "General_ServerName()" property located in the dwa7w.dll and the inotes6w.dll control, an attacker may be able to execute arbitrary code. Authors: - Elazar Broad <elazarb@earthlink.net>
  • IBM Tivoli Storage Manager Express CAD Service Buffer Overflow
    Disclosure Date: 2007-09-24
    First seen: 2020-04-26
    exploit/windows/http/ibm_tsm_cad_header
    This module exploits a stack buffer overflow in the IBM Tivoli Storage Manager Express CAD Service (5.3.3). By sending an overly long GET request, it may be possible for an attacker to execute arbitrary code. Authors: - MC <mc@metasploit.com>
  • IBM TPM for OS Deployment 5.1.0.x rembo.exe Buffer Overflow
    Disclosure Date: 2007-05-02
    First seen: 2020-04-26
    exploit/windows/http/ibm_tpmfosd_overflow
    This is a stack buffer overflow exploit for IBM Tivoli Provisioning Manager for OS Deployment version 5.1.0.X. Authors: - toto
  • IBM DB2 db2rcmd.exe Command Execution Vulnerability
    Disclosure Date: 2004-03-04
    First seen: 2020-04-26
    auxiliary/admin/db2/db2rcmd
    This module exploits a vulnerability in the Remote Command Server component in IBM's DB2 Universal Database 8.1. An authenticated attacker can send arbitrary commands to the DB2REMOTECMD named pipe which could lead to administrator privileges. Authors: - MC <mc@metasploit.com>
  • Sendmail SMTP Address prescan Memory Corruption
    Disclosure Date: 2003-09-17
    First seen: 2020-04-26
    auxiliary/dos/smtp/sendmail_prescan
    This is a proof of concept denial of service module for Sendmail versions 8.12.8 and earlier. The vulnerability is within the prescan() method when parsing SMTP headers. Due to the prescan function, only 0x5c and 0x00 bytes can be used, limiting the likelihood for arbitrary code execution. Authors: - aushack <patrick@osisecurity.com.au>
  • Solaris in.telnetd TTYPROMPT Buffer Overflow
    Disclosure Date: 2002-01-18
    First seen: 2020-04-26
    exploit/solaris/telnet/ttyprompt
    This module uses a buffer overflow in the Solaris 'login' application to bypass authentication in the telnet daemon. Authors: - MC <mc@metasploit.com> - cazz <bmc@shmoo.com>
  • System V Derived /bin/login Extraneous Arguments Buffer Overflow
    Disclosure Date: 2001-12-12
    First seen: 2020-04-26
    exploit/dialup/multi/login/manyargs
    This exploit connects to a system's modem over dialup and exploits a buffer overflow vulnerability in its System V derived /bin/login. The vulnerability is triggered by providing a large number of arguments. Authors: - I)ruid <druid@caughq.org>
  • Lotus Domino Password Hash Collector
    First seen: 2020-04-26
    auxiliary/scanner/lotus/lotus_domino_hashes
    Get users' password hashes from the names.nsf page. Authors: - Tiago Ferreira <tiago.ccna@gmail.com>
  • HTTP Options Detection
    First seen: 2020-04-26
    auxiliary/scanner/http/options
    Display available HTTP options for each system Authors: - CG <cg@carnal0wnage.com>
  • Tomcat Application Manager Login Utility
    First seen: 2020-04-26
    auxiliary/scanner/http/tomcat_mgr_login
    This module simply attempts to login to a Tomcat Application Manager instance using a specific user/pass. Authors: - MC <mc@metasploit.com> - Matteo Cantoni <goony@nothink.org> - jduck <jduck@metasploit.com>
42 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details