Displaying module details 21 - 30 of 2845 in total

Achat Unicode SEH Buffer Overflow Exploit

Disclosed: December 18, 2014

This module exploits a Unicode SEH buffer overflow in Achat. By sending a crafted message to the default port 9256/UDP, it's possible to overwrite the SEH handler. Although the exploit is reliable, it depends on timing, since two threads overflow the stack at the same time. This module has been tested on ...

Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner Exploit

Disclosed: December 17, 2014

This module scans for HTTP servers that appear to be vulnerable to the 'Misfortune Cookie' vulnerability, which affects Allegro Software RomPager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing valid credentials.

Symantec Web Gateway 5 restore.php Post Authentication Command Injection Exploit

Disclosed: December 16, 2014

This module exploits a command injection vulnerability found in Symantec Web Gateway's setting restoration feature. The filename portion can be used to inject system commands into a syscall function and gain control under the context of the HTTP service. For Symantec Web Gateway 5.1.1, you can exploit this vulnerabi...

Malwarebytes Anti-Malware and Anti-Exploit Update Remote Code Execution Exploit

Disclosed: December 16, 2014

This module exploits a vulnerability in the update functionality of Malwarebytes Anti-Malware consumer before 2.0.3 and Malwarebytes Anti-Exploit consumer 1.03.1.1220. Due to the lack of proper update package validation, a man-in-the-middle (MITM) attacker could execute arbitrary code by spoofing the update server...

ManageEngine Multiple Products Authenticated File Upload Exploit

Disclosed: December 15, 2014

This module exploits a directory traversal vulnerability in ManageEngine ServiceDesk, AssetExplorer, SupportCenter and IT360 when uploading attachment files. The JSP that accepts the upload does not correctly handle '../' sequences, which can be abused to write to the file system. Authentication is needed to exploit this ...

WordPress WP Symposium 14.11 Shell Upload Exploit

Disclosed: December 11, 2014

WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-symposium/server/file_upload_form.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the f...

BMC TrackIt! Unauthenticated Arbitrary User Password Change Exploit

Disclosed: December 09, 2014

This module exploits a flaw in the password reset mechanism in BMC TrackIt! 11.3 and possibly prior versions. If the password reset service is configured to use a domain administrator (which is the recommended configuration), then domain credentials can be reset (such as domain Administrator).

Lexmark MarkVision Enterprise Arbitrary File Upload Exploit

Disclosed: December 09, 2014

This module exploits a code execution flaw in Lexmark MarkVision Enterprise before version 2.1. A directory traversal vulnerability in the GfdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This module has been tested successfully on Lexmark MarkVision ...

ProjectSend Arbitrary File Upload Exploit

Disclosed: December 02, 2014

This module exploits a file upload vulnerability in ProjectSend revisions 100 to 561. The 'process-upload.php' file allows unauthenticated users to upload PHP files resulting in remote code execution as the web server user.