Disclosed: January 06, 2015
This module will exploit an authenticated XXE vulnerability to read the keystore.properties
off of the filesystem. This properties file contains an encrypted password that is set during
installation. What is interesting about this password is that it is set as the same password
as the database 'sa' user and of the admin user cr...
Disclosed: December 31, 2014
This module exploits an administrator account creation vulnerability in Desktop Central
from v7 onwards by sending a crafted request to DCPluginServelet. It has been tested in
several versions of Desktop Central (including MSP) from v7 onwards.
Disclosed: December 18, 2014
This module exploits CVE-2014-9390, which affects Git (versions less
than 18.104.22.168, 1.9.5, 2.0.5, 2.1.4 and 2.2.1) and Mercurial (versions
less than 3.2.3) and describes three vulnerabilities.
On operating systems which have case-insensitive file systems, like
Windows and OS X, Git clients can be convinced to retr...
Disclosed: December 17, 2014
This module scans for HTTP servers that appear to be vulnerable to the
'Misfortune Cookie' vulnerability which affects Allegro Software
Rompager versions before 4.34 and can allow attackers to authenticate
to the HTTP service as an administrator without providing valid
Disclosed: December 15, 2014
This module exploits a directory traversal vulnerability in ManageEngine ServiceDesk,
AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts
the upload does not handle correctly '../' sequences, which can be abused to write
to the file system. Authentication is needed to exploit this ...
Disclosed: December 11, 2014
WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker
to execute arbitrary PHP code. This flaw exists because the
/wp-symposium/server/file_upload_form.php script does not properly verify or
sanitize user-uploaded files. By uploading a .php file, the remote system will
place the f...
Disclosed: December 09, 2014
This module exploits a code execution flaw in Lexmark MarkVision Enterprise before version 2.1.
A directory traversal vulnerability in the GfdFileUploadServlet servlet allows an unauthenticated
attacker to upload arbitrary files, including arbitrary JSP code. This module has been
tested successfully on Lexmark MarkVision ...
Disclosed: December 09, 2014
This module exploits a flaw in the password reset mechanism in BMC TrackIt! 11.3
and possibly prior versions. If the password reset service is configured to use
a domain administrator (which is the recommended configuration), then domain
credentials can be reset (such as domain Administrator).
Disclosed: December 03, 2014
The WordPress download-manager plugin contains multiple unauthenticated file upload
vulnerabilities which were fixed in version 2.7.5.
Disclosed: December 02, 2014
This module exploits a file upload vulnerability in ProjectSend
revisions 100 to 561. The 'process-upload.php' file allows
unauthenticated users to upload PHP files resulting in remote
code execution as the web server user.