Disclosed: August 19, 2014
This module exploits an authentication bypass vulnerability in SolarWinds Storage Manager.
The vulnerability exists in the AuthenticationFilter, which allows authentication to be bypassed
with specially crafted URLs. After bypassing authentication, it is possible to use a file
upload function to achieve remote code execution. Thi...
Disclosed: August 09, 2014
This module allows an unauthenticated user to interact with the Yokogawa
CENTUM CS3000 BKBCopyD.exe service through the PMODE, RETR and STOR
Disclosed: August 06, 2014
WordPress XMLRPC parsing is vulnerable to an XML-based denial of service.
This vulnerability affects WordPress 3.5 - 3.9.2 (3.8.4 and 3.7.4 are
Disclosed: August 04, 2014
This module exploits a PHP code execution vulnerability in
HybridAuth versions 2.0.9 to 2.2.2. The install file 'install.php'
is not removed after installation allowing unauthenticated users to
write PHP code to the application configuration file 'config.php'.
Note: This exploit will overwrite the application con...
Disclosed: July 22, 2014
A vulnerability within the MQAC.sys module allows an attacker to
overwrite an arbitrary location in kernel memory.
This module will elevate itself to SYSTEM, then inject the payload
into another SYSTEM process.
Disclosed: July 17, 2014
This module exploits a buffer overflow vulnerability in Advantech WebAccess. The
vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to
sprintf can be reached with user-controlled data through the GetColor function.
This module has been tested successfully on Windows XP SP3 with IE6 and Windows
Disclosed: July 15, 2014
A vulnerability within the VBoxGuest driver allows an attacker to inject memory they
control into an arbitrary location they define. This can be used by an attacker to
overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling
NtQueryIntervalProfile on Windows XP SP3 systems. This has been tested wi...
Disclosed: July 14, 2014
The WordPress WPTouch plugin contains an authenticated file upload
vulnerability. A wp-nonce (CSRF token) is created on the backend index
page and the same token is used when handling AJAX file uploads through
the plugin. By sending the captured nonce with the upload, we can
upload arbitrary files to the upl...
Disclosed: July 08, 2014
A website that serves a JSONP endpoint that accepts a custom alphanumeric
callback of 1200 chars can be abused to serve an encoded swf payload that
steals the contents of a same-domain URL. Flash < 188.8.131.52 is required.
This module spins up a web server that, upon navigation from a user, attempts
to abuse the s...
Disclosed: July 01, 2014
The WordPress plugin "MailPoet Newsletters" (wysija-newsletters) before 2.6.8
is vulnerable to an unauthenticated file upload. The exploit uses the Upload Theme
functionality to upload a zip file containing the payload. The plugin uses the
admin_init hook, which is also executed for unauthenticated users when access...