Displaying module details 1 - 10 of 3025 in total

Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation Exploit

Disclosed: July 21, 2015

In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.

Western Digital Arkeia Remote Code Execution Exploit

Disclosed: July 10, 2015

This module exploits a code execution flaw in Western Digital Arkeia version 11.0.12 and below. The vulnerability exists in the 'arkeiad' daemon listening on TCP port 617. Because client authentication is insufficiently checked, it can be bypassed. Using the ARKFS_EXEC_CMD operation it's possible to e...

VNC Keyboard Remote Code Execution Exploit

Disclosed: July 10, 2015

This module exploits VNC servers by sending virtual keyboard keys and executing a payload. On Windows systems a command prompt is opened and a PowerShell or CMDStager payload is typed and executed. On Unix/Linux systems an xterm terminal is opened and a payload is typed and executed.

Accellion FTA 'statecode' Cookie Arbitrary File Read Exploit

Disclosed: July 10, 2015

This module exploits a file disclosure vulnerability in the Accellion File Transfer appliance. This vulnerability is triggered when a user-provided 'statecode' cookie parameter is appended to a file path that is processed as an HTML template. By prepending this cookie with a directory traversal sequence and appending...

Accellion FTA getStatus verify_oauth_token Command Execution Exploit

Disclosed: July 10, 2015

This module exploits a metacharacter shell injection vulnerability in the Accellion File Transfer appliance. This vulnerability is triggered when a user-provided 'oauth_token' is passed into a system() call within a mod_perl handler. This module exploits the '/tws/getStatus' endpoint. Other vulnerable handlers include ...

OpenSSL Alternative Chains Certificate Forgery MITM Proxy Exploit

Disclosed: July 09, 2015

This module exploits a logic error in OpenSSL by impersonating the server and sending a specially crafted chain of certificates, causing certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TL...

Adobe Flash Player ByteArray Use After Free Exploit

Disclosed: July 06, 2015

This module exploits a use after free in Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public as part of the July 2015 data leak, was described as a Use After Free while handling ByteArray objects. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe F...

Adobe Flash opaqueBackground Use After Free Exploit

Disclosed: July 06, 2015

This module exploits a use after free in Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public as part of the July 2015 data leak, was described as a Use After Free while handling the opaqueBackground property 7 setter of the flash.display.DisplayObject class. This module is an early release ...

HTTP Client Automatic Exploiter 2 (Browser Autopwn) Exploit

Disclosed: July 05, 2015

This module will automatically serve browser exploits. Here are the options you can configure: The Include option allows you to specify the kind of exploits to be loaded. For example, if you wish to load just Adobe Flash exploits, then you can set Include to 'adobe_flash'. The Exclude option will ignore exploits...

Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow Exploit

Disclosed: June 23, 2015

This module exploits a buffer overflow in Adobe Flash Player when handling nellymoser encoded audio inside a FLV video, as exploited in the wild in June 2015. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flas...