Disclosed: September 14, 2015
This module exploits a default credential vulnerability in ManageEngine OpManager, where a
default hidden account "IntegrationUser" with administrator privileges exists. The account
has a default password of "plugin" which cannot be reset through the user interface. By
logging in and abusing the default administrator's SQL q...
Disclosed: September 08, 2015
This module exploits a vulnerability in Windows Media Center. By supplying
a UNC path in the *.mcl file, a remote file will be automatically downloaded,
which can result in arbitrary code execution.
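A defensive check for the Media Center entry above, added here as an example and not part of the module or of the original page: it parses a *.mcl file as XML and reports every attribute or text node that carries a UNC path (\\host\share\...), which is the indicator the description gives. The sample files are constructed; the `<application run="...">` element name and attribute are assumptions about the .mcl layout and can be swapped for whatever the files in your environment actually use, since the scan walks every element and attribute rather than looking for a fixed one.

```python
import re
import xml.etree.ElementTree as ET

# A UNC path: two leading backslashes, a host, then one or more \segment parts.
# Whitespace, angle brackets and double quotes end the match so it stops at
# attribute boundaries when run over raw text as well.
UNC_PATH = re.compile(r'\\\\[^\\\s<>"]+(?:\\[^\\\s<>"]+)+')


def unc_paths_in_mcl(mcl_text):
    """Return (element, attribute, path) for every UNC path in an .mcl document.

    The attribute name '#text' marks a path found in element text rather than
    in an attribute. Raises xml.etree.ElementTree.ParseError on non-XML input.
    """
    root = ET.fromstring(mcl_text)
    hits = []
    for elem in root.iter():          # root.iter() includes the root element itself
        for attr, value in elem.attrib.items():
            for path in UNC_PATH.findall(value):
                hits.append((elem.tag, attr, path))
        if elem.text:
            for path in UNC_PATH.findall(elem.text):
                hits.append((elem.tag, "#text", path))
    return hits


def is_suspicious_mcl(mcl_text):
    """True when the file references any UNC path at all."""
    return bool(unc_paths_in_mcl(mcl_text))


# Constructed samples (assumed .mcl layout; not taken from the page).
BENIGN_MCL = r'<application run="C:\Program Files\App\app.exe" name="Local app" />'
MALICIOUS_MCL = r'<application run="\\203.0.113.5\share\payload.exe" name="Movie" />'

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_MCL), ("malicious", MALICIOUS_MCL)):
        print(label, unc_paths_in_mcl(doc))
```

Run it over a mail or download quarantine with `is_suspicious_mcl()` as the gate; a UNC path in an .mcl received from outside the organisation is worth blocking outright, since a legitimate Media Center link has no reason to point at a remote share.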
Disclosed: August 23, 2015
This module exploits an SEH overflow in Konica Minolta FTP Server 1.00.
Konica Minolta FTP fails to check input size when parsing 'CWD' commands, which
leads to an SEH overflow. Konica FTP allows anonymous access by default; valid
credentials are typically unnecessary to exploit this vulnerability.
Disclosed: August 22, 2015
This module will bypass Windows UAC by utilizing the missing .manifest on the script host
Disclosed: August 17, 2015
Bolt CMS contains a flaw that allows an authenticated remote
attacker to execute arbitrary PHP code. This module was
tested on version 2.2.4.
Disclosed: August 16, 2015
This module exploits a null pointer dereference in XNU to escalate
privileges to root.
Tested on 10.10.4 and 10.10.5.
Disclosed: July 31, 2015
This module exploits three separate vulnerabilities in Symantec Endpoint Protection Manager
in order to achieve a remote shell on the box as NT AUTHORITY\SYSTEM. The vulnerabilities
include an authentication bypass, a directory traversal and a privilege escalation to
get privileged code execution.
Disclosed: July 29, 2015
This module embeds an exploit into an uncompressed map file (.h3m) for
Heroes of Might and Magic III. Once the map is started in-game, a
buffer overflow occurring when loading object sprite names leads to
Disclosed: July 28, 2015
This module sends a malformed TKEY query, which exploits an
error in handling TKEY queries on affected BIND9 'named' DNS servers.
As a result, a vulnerable named server will exit with a REQUIRE
assertion failure. This condition can be exploited in versions of BIND
between BIND 9.1.0 through 9.8.x, 9.9.0 through 9....
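A detection example for the BIND entry above, added here and not part of the module or the original page: it parses the header and question section of raw DNS messages and flags any query whose QTYPE is TKEY (249), which is the query type the description says triggers the assertion failure. The packets and source addresses are constructed inline with the block's own `build_query()` helper; the example does not build the malformed variant, only identifies TKEY queries so they can be correlated with a `named` crash.

```python
import struct

QTYPE_A = 1
QTYPE_TKEY = 249  # RFC 2930 TKEY, the query type named in the description


def encode_name(name):
    """Wire-format a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Constructed, well-formed query: header with RD set, one question, no other sections."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(data, offset):
    """Read a name at offset; follows a compression pointer if one appears."""
    labels = []
    while True:
        length = data[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            sub, _ = decode_name(data, ptr)
            labels.append(sub)
            offset += 2
            break
        offset += 1
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def parse_questions(packet):
    """Return the header fields and the (name, qtype, qclass) tuples of the question section."""
    txid, flags, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", packet[:12])
    offset = 12
    questions = []
    for _ in range(qdcount):
        name, offset = decode_name(packet, offset)
        qtype, qclass = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    return {"id": txid, "flags": flags, "questions": questions,
            "ancount": ancount, "nscount": nscount, "arcount": arcount}


def flag_tkey_queries(packets):
    """packets: iterable of (source_ip, raw_dns_bytes). Returns (source_ip, qname) per TKEY query."""
    hits = []
    for src, pkt in packets:
        for name, qtype, _ in parse_questions(pkt)["questions"]:
            if qtype == QTYPE_TKEY:
                hits.append((src, name))
    return hits


# Constructed traffic: one TKEY query and one ordinary A query.
SAMPLE_PACKETS = [
    ("203.0.113.5", build_query("example.com", QTYPE_TKEY)),
    ("198.51.100.7", build_query("www.example.com", QTYPE_A)),
]

if __name__ == "__main__":
    print(flag_tkey_queries(SAMPLE_PACKETS))
```

TKEY is used legitimately for GSS-TSIG key negotiation (for example by Windows clients doing secure dynamic updates against Active Directory DNS), so treat a hit as a signal on servers that do not serve such clients, and on the others pair it with the source address and with `named` restarting rather than alerting on the query type alone.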
Disclosed: July 21, 2015
In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment
variable is used for redirecting logging data to a file instead of
stderr. Due to a design error, this feature can be abused by a local
attacker to write arbitrary files as root via restricted, SUID-root