#vulnerability

This Metasploit module implements the DLSw information disclosure retrieval. There is a bug in Ciscos DLSw implementation affecting 12.x and 15.x trains that allows an unauthenticated remote attacker to retrieve the partial contents of packets traversing a Cisco router with DLSw configured and active.

This Metasploit module checks the provided hosts for the CVE-2023-21554 vulnerability by sending a MSMQ message with an altered DataLength field within the SRMPEnvelopeHeader that overflows the given buffer. On patched systems, the error is caught and no response is sent back. On vulnerable systems, the integer wraps around and depending on the length could cause an out-of-bounds write. In the context of this module a response is sent back, which indicates that the system is vulnerable.

This Metasploit module abuses the "install/upgrade.php" component on vBulletin 4.1+ and 4.5+ to create a new administrator account, as exploited in the wild on October 2013. This Metasploit module has been tested successfully on vBulletin 4.1.5 and 4.1.0.

This Metasploit module exploits an improper access control vulnerability (CVE-2023-6329) in Control iD iDSecure less than or equal to v4.7.43.0. It allows an unauthenticated remote attacker to compute valid credentials and to add a new administrative user to the web interface of the product.

This Metasploit module exploits an unauthenticated file download vulnerability in limesurvey between 2.0+ and 2.06+ Build 151014. The file is downloaded as a ZIP and unzipped automatically, thus binary files can be downloaded.

This Metasploit module exploits a directory traversal vulnerability in the WebAdmin interface of Axigen, which allows an authenticated user to read and delete arbitrary files with SYSTEM privileges. The vulnerability is known to work on Windows platforms. This Metasploit module has been tested successfully on Axigen 8.10 over Windows 2003 SP2.

This Metasploit module exploits HTTP servers that appear to be vulnerable to the Misfortune Cookie vulnerability which affects Allegro Software Rompager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing valid credentials.

This Metasploit module exploits an authentication bypass vulnerability in different Netgear devices. It allows you to extract the password for the remote management interface.

Some Linksys Routers are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command. A ping command against a controlled system for can be used for testing purposes.

This Metasploit module exploits an authentication bypass vulnerability in D-Link DSL 320B less than or equal tov1.23. This vulnerability allows to extract the credentials for the remote management interface.