• NetBSD mail.local Privilege Escalation
    Disclosure Date: 2016-07-07
    First seen: 2020-04-26
    exploit/unix/local/netbsd_mail_local
    This module attempts to exploit a race condition in mail.local with SUID bit set on: NetBSD 7.0 - 7.0.1 (verified on 7.0.1) NetBSD 6.1 - 6.1.5 NetBSD 6.0 - 6.0.6 Successful exploitation relies on a crontab job with root privilege, which may take up to 10min to execute. Authors: - h00die <mike@shorebreaksecurity.com> - akat1
  • tnftp "savefile" Arbitrary Command Execution
    Disclosure Date: 2014-10-28
    First seen: 2020-04-26
    exploit/unix/http/tnftp_savefile
    This module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component of the requested resource. If the output filename begins with a "|" character, tnftp will pass the fetched resource's output to the command directly following the "|" character through the use of the popen() function. Authors: - Jared McNeill - wvu <wvu@metasploit.com>
  • SSL/TLS Version Detection
    Disclosure Date: 2014-10-14
    First seen: 2022-12-23
    auxiliary/scanner/ssl/ssl_version
    Check if a server supports a given version of SSL/TLS and cipher suites. The certificate is stored in loot, and any known vulnerabilities against that SSL version and cipher suite combination are checked. These checks include POODLE, deprecated protocols, expired/not valid certs, low key strength, null cipher suites, certificates signed with MD5, DROWN, RC4 ciphers, exportable ciphers, LOGJAM, and BEAST. Authors: - todb <todb@metasploit.com> - et <et@metasploit.com> - Chris John Riley - Veit Hailperin <hailperv@gmail.com> - h00die
  • FreeBSD Intel SYSRET Privilege Escalation
    Disclosure Date: 2012-06-12
    First seen: 2020-04-26
    exploit/freebsd/local/intel_sysret_priv_esc
    This module exploits a vulnerability in the FreeBSD kernel, when running on 64-bit Intel processors. By design, 64-bit processors following the X86-64 specification will trigger a general protection fault (GPF) when executing a SYSRET instruction with a non-canonical address in the RCX register. However, Intel processors check for a non-canonical address prior to dropping privileges, causing a GPF in privileged mode. As a result, the current userland RSP stack pointer is restored and executed, resulting in privileged code execution. This module has been tested successfully on: FreeBSD 8.3-RELEASE (amd64); and FreeBSD 9.0-RELEASE (amd64). Authors: - Rafal Wojtczuk - John Baldwin - iZsh - bcoles <bcoles@gmail.com>
  • Sendmail SMTP Address prescan Memory Corruption
    Disclosure Date: 2003-09-17
    First seen: 2020-04-26
    auxiliary/dos/smtp/sendmail_prescan
    This is a proof of concept denial of service module for Sendmail versions 8.12.8 and earlier. The vulnerability is within the prescan() method when parsing SMTP headers. Due to the prescan function, only 0x5c and 0x00 bytes can be used, limiting the likelihood for arbitrary code execution. Authors: - aushack <patrick@osisecurity.com.au>
4 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!