Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying module details 11 - 20 of 2842 in total

ManageEngine Multiple Products Arbitrary File Download Exploit

Disclosed: January 28, 2015

This module exploits an arbitrary file download vulnerability in the FailOverHelperServlet on ManageEngine OpManager, Applications Manager and IT360. This vulnerability is unauthenticated on OpManager and Applications Manager, but authenticated in IT360. This module will attempt to login using the default credentials for ...

Remote Code Execution in WordPress Platform Theme Exploit

Disclosed: January 21, 2015

The WordPress Theme "platform" contains a remote code execution vulnerability through an unchecked admin_init call. The theme includes the uploaded file from it's temp filename with php's include function.

WordPress Pixabay Images PHP Code Upload Exploit

Disclosed: January 19, 2015

This module exploits multiple vulnerabilities in the WordPress plugin Pixabay Images 2.3.6. The plugin does not check the host of a provided download URL which can be used to store and execute malicious PHP code on the system.

MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape Exploit

Disclosed: January 13, 2015

This module abuses a process creation policy in Internet Explorer's sandbox; specifically, Microsoft's RemoteApp and Desktop Connections runtime proxy, TSWbPrxy.exe. This vulnerability allows the attacker to escape the Protected Mode and execute code with Medium Integrity. At the moment, this module only bypass P...

WordPress WP EasyCart Unrestricted File Upload Exploit

Disclosed: January 08, 2015

WordPress Shopping Cart (WP EasyCart) Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /inc/amfphp/administration/banneruploaderscript.php ...

McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure Exploit

Disclosed: January 06, 2015

This module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the database 'sa' user and of the admin user cr...

ManageEngine Desktop Central Administrator Account Creation Exploit

Disclosed: December 31, 2014

This module exploits an administrator account creation vulnerability in Desktop Central from v7 onwards by sending a crafted request to DCPluginServelet. It has been tested in several versions of Desktop Central (including MSP) from v7 onwards.

Malicious Git and Mercurial HTTP Server For CVE-2014-9390 Exploit

Disclosed: December 18, 2014

This module exploits CVE-2014-9390, which affects Git (versions less than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1) and Mercurial (versions less than 3.2.3) and describes three vulnerabilities. On operating systems which have case-insensitive file systems, like Windows and OS X, Git clients can be convinced to retr...

Achat Unicode SEH Buffer Overflow Exploit

Disclosed: December 18, 2014

This module exploits a Unicode SEH buffer overflow in Achat. By sending a crafted message to the default port 9256/UDP, it's possible to overwrite the SEH handler. Even when the exploit is reliable, it depends on timing since there are two threads overflowing the stack in the same time. This module has been tested on ...

Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner Exploit

Disclosed: December 17, 2014

This module scans for HTTP servers that appear to be vulnerable to the 'Misfortune Cookie' vulnerability which affects Allegro Software Rompager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing valid credentials.