Displaying module details 1 - 10 of 2905 in total

Apple OS X Rootpipe Privilege Escalation Exploit

Disclosed: April 09, 2015

This module exploits a hidden backdoor API in Apple's Admin framework on Mac OS X to escalate privileges to root, dubbed "Rootpipe." This module was tested on Yosemite 10.10.2 and should work on previous versions. The patch for this issue was not backported to older releases. Note: you must run this exploit as ...

Arris / Motorola Surfboard SBG6580 Web Interface Takeover Exploit

Disclosed: April 08, 2015

The web interface for the Arris / Motorola Surfboard SBG6580 has several vulnerabilities that, when combined, allow an arbitrary website to take control of the modem, even if the user is not currently logged in. The attacker must successfully know, or guess, the target's internal gateway IP address. This is usuall...

Ceragon FibeAir IP-10 SSH Private Key Exposure Exploit

Disclosed: April 01, 2015

Ceragon ships a public/private key pair on FibeAir IP-10 devices that allows passwordless authentication to any other IP-10 device. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "mateidu" user.

Wordpress Work The Flow Upload Vulnerability Exploit

Disclosed: March 14, 2015

This module exploits an arbitrary PHP code upload in the WordPress Work The Flow plugin, version 2.5.2. The vulnerability allows for arbitrary file upload and remote code execution.

Solarwinds Firewall Security Manager 6.6.5 Client Session Handling Vulnerability Exploit

Disclosed: March 13, 2015

This module exploits multiple vulnerabilities found in Solarwinds Firewall Security Manager 6.6.5. The first vulnerability is an authentication bypass via the Change Advisor interface due to a user-controlled session.putValue API in userlogin.jsp, allowing the attacker to set the 'username' attribute before authentication...

iPass Mobile Client Service Privilege Escalation Exploit

Disclosed: March 12, 2015

The named pipe, \IPEFSYSPCPIPE, can be accessed by normal users to interact with the iPass service. The service provides a LaunchAppSysMode command that allows arbitrary commands to be executed as SYSTEM.

Microsoft Windows Shell LNK Code Execution Exploit

Disclosed: March 10, 2015

This module exploits a vulnerability in the MS10-046 patch to abuse (again) the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This creates an SMB resource to provide the payload and the trigger, and generates a LNK file which must be sent to the target. This module ha...