Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying module details 21 - 30 of 2646 in total

Wireshark CAPWAP Dissector DoS Exploit

Disclosed: April 28, 2014

This module injects a malformed UDP packet to crash Wireshark and TShark 1.8.0 to 1.8.7, as well as 1.6.0 to 1.6.15. The vulnerability exists in the CAPWAP dissector which fails to handle a packet correctly when an incorrect length is given.

AlienVault OSSIM SQL Injection and Remote Code Execution Exploit

Disclosed: April 24, 2014

This module exploits an unauthenticated SQL injection vulnerability affecting AlienVault OSSIM versions 4.3.1 and lower. The SQL injection issue can be abused in order to retrieve an active admin session ID. If an administrator level user is identified, remote code execution can be gained by creating a high priority poli...

Oracle Event Processing FileUploadServlet Arbitrary File Upload Exploit

Disclosed: April 21, 2014

This module exploits an arbitrary file upload vulnerability in Oracle Event Processing The FileUploadServlet component, which requires no authentication, can be abused to upload a malicious file onto an arbitrary location due to a directory traversal flaw, and compromise the server. By default Oracle Event Pro...

Adobe Reader for Android addJavascriptInterface Exploit Exploit

Disclosed: April 13, 2014

Adobe Reader versions less than 11.2.0 exposes insecure native interfaces to untrusted javascript in a PDF. This module embeds the browser exploit from android/webview_addjavascriptinterface into a PDF to get a command shell on vulnerable versions of Reader.

Mac OS X NFS Mount Privilege Escalation Exploit Exploit

Disclosed: April 11, 2014

This exploit leverages a stack overflow vulnerability to escalate privileges. The vulnerable function nfs_convert_old_nfs_args does not verify the size of a user-provided argument before copying it to the stack. As a result, by passing a large size as an argument, a local user can overwrite the stack with arbitrary ...

Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution Exploit

Disclosed: April 08, 2014

This module takes advantage of two vulnerabilities in order to gain remote code execution as root as an otherwise non-privileged authorized user. By taking advantage of a mass assignment vulnerability that allows an unprivileged authenticated user to change the admininistrator's password hash, the module updates the passw...

Advantech WebAccess SQL Injection Exploit

Disclosed: April 08, 2014

This module exploits a SQL injection vulnerability found in Advantech WebAccess 7.1. The vulnerability exists in the DBVisitor.dll component, and can be abused through malicious requests to the ChartThemeConfig web service. This module can be used to extract the site and project usernames and hashes.

OpenSSL Heartbeat (Heartbleed) Information Leak Exploit

Disclosed: April 07, 2014

This module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable. The module supports several actions, allowing for scanning, dumping of ...