2 min
Metasploit
Metasploit Weekly Wrap-Up 10/04/2024
New module content (3)
cups-browsed Information Disclosure
Authors: bcoles and evilsocket
Type: Auxiliary
Pull request: #19510 [https://github.com/rapid7/metasploit-framework/pull/19510]
contributed by bcoles [https://github.com/bcoles]
Path: scanner/misc/cups_browsed_info_disclosure
Description: Adds scanner module to retrieve CUPS version and kernel version
information from cups-browsed services.
Acronis Cyber Infrastructure default password remote code execution
Authors: Acronis Internatio
2 min
Metasploit
Metasploit Weekly Wrap-Up 07/26/2024
New module content (3)
Magento XXE Unserialize Arbitrary File Read
Authors: Heyder and Sergey Temnikov
Type: Auxiliary
Pull request: #19304 [https://github.com/rapid7/metasploit-framework/pull/19304]
contributed by heyder [https://github.com/heyder]
Path: gather/magento_xxe_cve_2024_34102
AttackerKB reference: CVE-2024-34102
[https://attackerkb.com/search?q=CVE-2024-34102&referrer=blog]
Description: This adds an auxiliary module for an XXE which results in an
arbitrary file in Magento which is
3 min
Metasploit
Metasploit Wrap-Up 03/08/2024
New module content (2)
GitLab Tags RSS feed email disclosure
Authors: erruquill and n00bhaxor
Type: Auxiliary
Pull request: #18821 [https://github.com/rapid7/metasploit-framework/pull/18821]
contributed by n00bhaxor [https://github.com/n00bhaxor]
Path: gather/gitlab_tags_rss_feed_email_disclosure
AttackerKB reference: CVE-2023-5612
[https://attackerkb.com/search?q=CVE-2023-5612?referrer=blog]
Description: This adds an auxiliary module that leverages an information
disclosure vulnerability (CVE
2 min
Metasploit
Metasploit Weekly Wrap-Up 1/05/2024
New module content (2)
Splunk __raw Server Info Disclosure
Authors: KOF2002, h00die, and n00bhaxor
Type: Auxiliary
Pull request: #18635 [https://github.com/rapid7/metasploit-framework/pull/18635]
contributed by n00bhaxor [https://github.com/n00bhaxor]
Path: gather/splunk_raw_server_info
Description: This PR adds a module for an authenticated Splunk information
disclosure vulnerability. This module gathers information about the host machine
and the Splunk install including OS version, build, CP
2 min
Metasploit
Metasploit Weekly Wrap-Up: Oct. 6, 2023
New module content (3)
LDAP Login Scanner
Author: Dean Welch
Type: Auxiliary
Pull request: #18197 [https://github.com/rapid7/metasploit-framework/pull/18197]
contributed by dwelch-r7 [https://github.com/dwelch-r7]
Path: scanner/ldap/ldap_login
Description: This PR adds a new login scanner module for LDAP. Login scanners
are the classes that provide functionality for testing authentication against
various different protocols and mechanisms. This LDAP login scanner supports
multiple types of aut
2 min
Metasploit
Metasploit Wrap-Up: 2/17/23
Cisco RV Series Auth Bypass and Command Injection
Thanks to community contributor neterum [https://github.com/neterum], Metasploit
framework just gained an awesome new module which targets Cisco Small Business
RV Series Routers. The module actually exploits two vulnerabilities, an
authentication bypass CVE-2022-20705
[https://attackerkb.com/topics/1iBoR0w9Ak/cve-2022-20705?referrer=blog] and a
command injection vulnerability CVE-2022-20707
[https://attackerkb.com/topics/J6696vwQVH/cve-2022-20707