Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying module details 11 - 20 of 2761 in total

ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection Exploit

Disclosed: November 08, 2014

ManageEngine Password Manager Pro (PMP) has an authenticated blind SQL injection vulnerability in SQLAdvancedALSearchResult.cc that can be abused to escalate privileges and obtain Super Administrator access. A Super Administrator can then use his privileges to dump the whole password database in CSV format. PMP can use ...

ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure Exploit

Disclosed: November 05, 2014

ManageEngine Eventlog Analyzer from v7 to v9.9 b9002 has two security vulnerabilities that allow an unauthenticated user to obtain the superuser password of any managed Windows and AS/400 hosts. This module abuses both vulnerabilities to collect all the available usernames and passwords. First the agentHandler servlet is ...

Visual Mining NetCharts Server Remote Code Execution Exploit

Disclosed: November 03, 2014

This module exploits multiple vulnerabilities in Visual Mining NetCharts. First, a lack of input validation in the administration console permits arbitrary jsp code upload to locations accessible later through the web service. Authentication is typically required, however a 'hidden' user is available by default (a...

tnftp "savefile" Arbitrary Command Execution Exploit

Disclosed: October 28, 2014

This module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component of the requested...

GNU Wget FTP Symlink Arbitrary Filesystem Access Exploit

Disclosed: October 27, 2014

This module exploits a vulnerability in Wget when used in recursive (-r) mode with a FTP server as a destination. A symlink is used to allow arbitrary writes to the target's filesystem. To specify content for the file, use the "file:/path" syntax for the TARGET_DATA option. Tested successfully with wget 1...

X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution Exploit

Disclosed: October 27, 2014

This module exploits a post-auth vulnerability found in X7 Chat versions 2.0.0 up to 2.0.5.1. The vulnerable code exists on lib/message.php, which uses preg_replace() function with the /e modifier. This allows a remote authenticated attacker to execute arbitrary PHP code in the remote machine.

WildFly Directory Traversal Exploit

Disclosed: October 22, 2014

This module exploits a directory traversal vulnerability found in the WildFly 8.1.0.Final web server running on port 8080, named JBoss Undertow. The vulnerability only affects to Windows systems.

MS14-064 Microsoft Windows OLE Package Manager Code Execution Exploit

Disclosed: October 21, 2014

This module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly exploited in the wild as MS14-060 patch bypass. The Microsoft update tried to fix the vulnerability publicly known as "Sandworm". Platforms such as Windows Vista SP2 all the way to Windows 8...

Drupal HTTP Parameter Key/Value SQL Injection Exploit

Disclosed: October 15, 2014

This module exploits the Drupal HTTP Parameter Key/Value SQL Injection (aka Drupageddon) in order to achieve a remote shell on the vulnerable instance. This module was tested against Drupal 7.0 and 7.31 (was fixed in 7.32).

Centreon SQL and Command Injection Exploit

Disclosed: October 15, 2014

This module exploits several vulnerabilities on Centreon 2.5.1 and prior and Centreon Enterprise Server 2.2 and prior. Due to a combination of SQL injection and command injection in the displayServiceStatus.php component, it is possible to execute arbitrary commands as long as there is a valid session registered in the ce...