Disclosed: December 09, 2014
This module exploits a flaw in the password reset mechanism in BMC TrackIt! 11.3
and possibly prior versions. If the password reset service is configured to use
a domain administrator (which is the recommended configuration), then domain
credentials can be reset (such as domain Administrator).
Disclosed: December 03, 2014
The WordPress download-manager plugin contains multiple unauthenticated file upload
vulnerabilities which were fixed in version 2.7.5.
Disclosed: November 30, 2014
This module exploits an arbitrary file download vulnerability in CSVServlet
on ManageEngine NetFlow Analyzer. This module has been tested on both Windows
and Linux with versions 8.6 to 10.2. Windows paths have to be escaped with 2
backslashes on the command line.
Disclosed: November 27, 2014
This module exploits a PHP object injection vulnerability in Tuleap <= 7.6-4 which could be
abused to allow authenticated users to execute arbitrary code with the permissions of the
web server. The dangerous unserialize() call exists in the 'src/www/project/register.php'
file. The exploit abuses the destructor method from...
Disclosed: November 19, 2014
This module exploits a buffer overflow in the RTSP request parsing
code of Hikvision DVR appliances. The Hikvision DVR devices record
video feeds of surveillance cameras and offer remote administration
and playback of recorded footage.
The vulnerability is present in several models / firmware versions
Disclosed: November 17, 2014
This module implements the DLSw information disclosure retrieval. There
is a bug in Cisco's DLSw implementation affecting 12.x and 15.x trains
that allows an unauthenticated remote attacker to retrieve the partial
contents of packets traversing a Cisco router with DLSw configured
Disclosed: November 13, 2014
This module exploits the Windows OLE Automation array vulnerability, CVE-2014-6332.
The vulnerability affects Internet Explorer 3.0 until version 11 within Windows 95 up to Windows 10.
For this module to be successful, PowerShell is required on the target machine. On
Internet Explorer versions using Protected Mode, the use...
Disclosed: November 12, 2014
This module exploits a vulnerability found in Windows Object Linking and Embedding (OLE)
allowing arbitrary code execution, bypassing the patch MS14-060, for the vulnerability
publicly known as "Sandworm", on systems with Python for Windows installed. Windows Vista
SP2 all the way to Windows 8, Windows Server 2008 and 201...
Disclosed: November 12, 2014
A vulnerability exists in the KNOX security component of the Samsung Galaxy
firmware that allows a remote webpage to install an APK with arbitrary
permissions by abusing the 'smdm://' protocol handler registered by the KNOX
The vulnerability has been confirmed in the Samsung Galaxy S4, S5, Note 3,
Disclosed: November 08, 2014
This module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed.
The vulnerable code exists on plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelink" attribute of an uploaded XML file and passes to preg_...