CMS Bolt File Upload Vulnerability Exploit

Disclosed: August 17, 2015

Bolt CMS contains a flaw that allows an authenticated remote attacker to execute arbitrary PHP code. This module was tested on version 2.2.4.

Mac OS X "tpwn" Privilege Escalation Exploit

Disclosed: August 16, 2015

This module exploits a null pointer dereference in XNU to escalate privileges to root. Tested on 10.10.4 and 10.10.5.

Symantec Endpoint Protection Manager Authentication Bypass and Code Execution Exploit

Disclosed: July 31, 2015

This module exploits three separate vulnerabilities in Symantec Endpoint Protection Manager in order to achieve a remote shell on the box as NT AUTHORITY\SYSTEM. The vulnerabilities include an authentication bypass, a directory traversal and a privilege escalation to get privileged code execution.

Heroes of Might and Magic III .h3m Map file Buffer Overflow Exploit

Disclosed: July 29, 2015

This module embeds an exploit into an uncompressed map file (.h3m) for Heroes of Might and Magic III. Once the map is started in-game, a buffer overflow occurring when loading object sprite names leads to shellcode execution.

BIND TKEY Query Denial of Service Exploit

Disclosed: July 28, 2015

This module sends a malformed TKEY query, which exploits an error in handling TKEY queries on affected BIND9 'named' DNS servers. As a result, a vulnerable named server will exit with a REQUIRE assertion failure. This condition can be exploited in versions of BIND between BIND 9.1.0 through 9.8.x, 9.9.0 through 9....

Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation Exploit

Disclosed: July 21, 2015

In Apple OS X 10.10.4 and prior, the DYLD_PRINT_TO_FILE environment variable is used for redirecting logging data to a file instead of stderr. Due to a design error, this feature can be abused by a local attacker to write arbitrary files as root via restricted, SUID-root binaries.

MS15-078 Microsoft Windows Font Driver Buffer Overflow Exploit

Disclosed: July 11, 2015

This module exploits a pool-based buffer overflow in the atmfd.dll driver when parsing a malformed font. The vulnerability was exploited by Hacking Team and disclosed in the July data leak. This module has been tested successfully on vulnerable builds of Windows 8.1 x64.

ManageEngine EventLog Analyzer Remote Code Execution Exploit

Disclosed: July 11, 2015

This module exploits a SQL query functionality in ManageEngine EventLog Analyzer v10.6 build 10060 and previous versions. Every authenticated user, including the default "guest" account, can execute SQL queries directly on the underlying Postgres database server. The queries are executed as the "postgres" user which has fu...

VNC Keyboard Remote Code Execution Exploit

Disclosed: July 10, 2015

This module exploits VNC servers by sending virtual keyboard keys and executing a payload. On Windows systems a command prompt is opened and a PowerShell or CMDStager payload is typed and executed. On Unix/Linux systems an xterm terminal is opened and a payload is typed and executed.

Western Digital Arkeia Remote Code Execution Exploit

Disclosed: July 10, 2015

This module exploits a code execution flaw in Western Digital Arkeia version 11.0.12 and below. The vulnerability exists in the 'arkeiad' daemon listening on TCP port 617. Because there are insufficient checks on the authentication of all clients, this can be bypassed. Using the ARKFS_EXEC_CMD operation it's possible to e...