|
6487 | 6487 | "notes": { |
6488 | 6488 | } |
6489 | 6489 | }, |
| 6490 | + "auxiliary_admin/smb/webexec_command": { |
| 6491 | + "name": "WebEx Remote Command Execution Utility", |
| 6492 | + "full_name": "auxiliary/admin/smb/webexec_command", |
| 6493 | + "rank": 300, |
| 6494 | + "disclosure_date": null, |
| 6495 | + "type": "auxiliary", |
| 6496 | + "author": [ |
| 6497 | + "Ron Bowes <ron@skullsecurity.net>" |
| 6498 | + ], |
| 6499 | + "description": "This module enables the execution of a single command as System by exploiting a remote\n code execution vulnerability in Cisco's WebEx client software.", |
| 6500 | + "references": [ |
| 6501 | + "URL-https://webexec.org", |
| 6502 | + "CVE-2018-15442" |
| 6503 | + ], |
| 6504 | + "is_server": false, |
| 6505 | + "is_client": false, |
| 6506 | + "platform": "", |
| 6507 | + "arch": "", |
| 6508 | + "rport": 445, |
| 6509 | + "autofilter_ports": [ |
| 6510 | + 139, |
| 6511 | + 445 |
| 6512 | + ], |
| 6513 | + "autofilter_services": [ |
| 6514 | + "netbios-ssn", |
| 6515 | + "microsoft-ds" |
| 6516 | + ], |
| 6517 | + "targets": null, |
| 6518 | + "mod_time": "2018-10-24 16:18:17 +0000", |
| 6519 | + "path": "/modules/auxiliary/admin/smb/webexec_command.rb", |
| 6520 | + "is_install_path": true, |
| 6521 | + "ref_name": "admin/smb/webexec_command", |
| 6522 | + "check": true, |
| 6523 | + "post_auth": false, |
| 6524 | + "default_credential": false, |
| 6525 | + "notes": { |
| 6526 | + } |
| 6527 | + }, |
6490 | 6528 | "auxiliary_admin/sunrpc/solaris_kcms_readfile": { |
6491 | 6529 | "name": "Solaris KCMS + TTDB Arbitrary File Read", |
6492 | 6530 | "full_name": "auxiliary/admin/sunrpc/solaris_kcms_readfile", |
@@ -114983,6 +115021,46 @@ |
114983 | 115021 | "notes": { |
114984 | 115022 | } |
114985 | 115023 | }, |
| 115024 | + "exploit_windows/local/webexec": { |
| 115025 | + "name": "WebEx Local Service Permissions Exploit", |
| 115026 | + "full_name": "exploit/windows/local/webexec", |
| 115027 | + "rank": 400, |
| 115028 | + "disclosure_date": "2018-10-09", |
| 115029 | + "type": "exploit", |
| 115030 | + "author": [ |
| 115031 | + "Jeff McJunkin <jeff.mcjunkin@gmail.com>" |
| 115032 | + ], |
| 115033 | + "description": "This module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM,\n can be used to run arbitrary commands locally, and can be started by limited users in\n default installations.", |
| 115034 | + "references": [ |
| 115035 | + "URL-https://webexec.org", |
| 115036 | + "CVE-2018-15442" |
| 115037 | + ], |
| 115038 | + "is_server": true, |
| 115039 | + "is_client": false, |
| 115040 | + "platform": "Windows", |
| 115041 | + "arch": "", |
| 115042 | + "rport": null, |
| 115043 | + "autofilter_ports": [ |
| 115044 | + |
| 115045 | + ], |
| 115046 | + "autofilter_services": [ |
| 115047 | + |
| 115048 | + ], |
| 115049 | + "targets": [ |
| 115050 | + "Automatic", |
| 115051 | + "Windows x86", |
| 115052 | + "Windows x64" |
| 115053 | + ], |
| 115054 | + "mod_time": "2018-10-24 16:13:47 +0000", |
| 115055 | + "path": "/modules/exploits/windows/local/webexec.rb", |
| 115056 | + "is_install_path": true, |
| 115057 | + "ref_name": "windows/local/webexec", |
| 115058 | + "check": true, |
| 115059 | + "post_auth": false, |
| 115060 | + "default_credential": false, |
| 115061 | + "notes": { |
| 115062 | + } |
| 115063 | + }, |
114986 | 115064 | "exploit_windows/local/wmi": { |
114987 | 115065 | "name": "Windows Management Instrumentation (WMI) Remote Command Execution", |
114988 | 115066 | "full_name": "exploit/windows/local/wmi", |
@@ -124254,6 +124332,47 @@ |
124254 | 124332 | "notes": { |
124255 | 124333 | } |
124256 | 124334 | }, |
| 124335 | + "exploit_windows/smb/webexec": { |
| 124336 | + "name": "WebExec Authenticated User Code Execution", |
| 124337 | + "full_name": "exploit/windows/smb/webexec", |
| 124338 | + "rank": 0, |
| 124339 | + "disclosure_date": "2018-10-24", |
| 124340 | + "type": "exploit", |
| 124341 | + "author": [ |
| 124342 | + "Ron <ron@skullsecurity.net>" |
| 124343 | + ], |
| 124344 | + "description": "This module uses a valid username and password of any level (or\n password hash) to execute an arbitrary payload. This module is similar\n to the \"psexec\" module, except allows any non-guest account by default.", |
| 124345 | + "references": [ |
| 124346 | + "URL-https://webexec.org", |
| 124347 | + "CVE-2018-15442" |
| 124348 | + ], |
| 124349 | + "is_server": false, |
| 124350 | + "is_client": false, |
| 124351 | + "platform": "Windows", |
| 124352 | + "arch": "x86, x64", |
| 124353 | + "rport": 445, |
| 124354 | + "autofilter_ports": [ |
| 124355 | + 139, |
| 124356 | + 445 |
| 124357 | + ], |
| 124358 | + "autofilter_services": [ |
| 124359 | + "netbios-ssn", |
| 124360 | + "microsoft-ds" |
| 124361 | + ], |
| 124362 | + "targets": [ |
| 124363 | + "Automatic", |
| 124364 | + "Native upload" |
| 124365 | + ], |
| 124366 | + "mod_time": "2018-10-24 09:46:00 +0000", |
| 124367 | + "path": "/modules/exploits/windows/smb/webexec.rb", |
| 124368 | + "is_install_path": true, |
| 124369 | + "ref_name": "windows/smb/webexec", |
| 124370 | + "check": false, |
| 124371 | + "post_auth": true, |
| 124372 | + "default_credential": false, |
| 124373 | + "notes": { |
| 124374 | + } |
| 124375 | + }, |
124257 | 124376 | "exploit_windows/smtp/mailcarrier_smtp_ehlo": { |
124258 | 124377 | "name": "TABS MailCarrier v2.51 SMTP EHLO Overflow", |
124259 | 124378 | "full_name": "exploit/windows/smtp/mailcarrier_smtp_ehlo", |
|
0 commit comments