Displaying module details 11 - 20 of 2719 in total

ManageEngine OpManager and Social IT Arbitrary File Upload Exploit

Disclosed: September 27, 2014

This module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Windows and Linux.

Wordpress InfusionSoft Upload Vulnerability Exploit

Disclosed: September 25, 2014

This module exploits an arbitrary PHP code upload in the WordPress Infusionsoft Gravity Forms plugin, versions from 1.5.3 to 1.5.10. The vulnerability allows for arbitrary file upload and remote code execution.

Pure-FTPd External Authentication Bash Environment Variable Code Injection Exploit

Disclosed: September 24, 2014

This module exploits the code injection flaw known as Shellshock, which leverages specially crafted environment variables in Bash. Please note that this exploit specifically targets Pure-FTPd compiled with the --with-extauth flag, and an external Bash program for authentication. If the server is not set up this way, ...

DHCP Client Bash Environment Variable Code Injection Exploit

Disclosed: September 24, 2014

This module exploits a code injection in specially crafted environment variables in Bash, specifically targeting dhclient network configuration scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.

CUPS Filter Bash Environment Variable Code Injection Exploit

Disclosed: September 24, 2014

This module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables by default.

Apache mod_cgi Bash Environment Variable Code Injection Exploit

Disclosed: September 24, 2014

This module exploits a code injection in specially crafted environment variables in Bash, specifically targeting Apache mod_cgi scripts through the HTTP_USER_AGENT variable by default.

Dhclient Bash Environment Variable Injection Exploit

Disclosed: September 24, 2014

When bash is started with an environment variable that begins with the string "() {", that variable is treated as a function definition and parsed as code. If extra commands are added after the function definition, they will be executed immediately. When dhclient receives an ACK that contains a domain name or host...

Apache mod_cgi Bash Environment Variable RCE Scanner Exploit

Disclosed: September 24, 2014

This module exploits a code injection in specially crafted environment variables in Bash, specifically targeting Apache mod_cgi scripts through the HTTP_USER_AGENT variable by default. PROTIP: Use exploit/multi/handler with a PAYLOAD appropriate to your CMD, set ExitOnSession false, run -j, and then run this modu...