Displaying module details 21 - 30 of 2690 in total

WordPress custom-contact-forms Plugin SQL Upload Exploit

Disclosed: August 07, 2014

The WordPress custom-contact-forms plugin <= 5.1.0.3 allows unauthenticated users to download a SQL dump of the plugin's database tables. It's also possible to upload files containing SQL statements, which will be executed. The module first tries to extract the WordPress table prefix from the dump and then attempts to...

Wordpress XMLRPC DoS Exploit

Disclosed: August 06, 2014

WordPress XMLRPC parsing is vulnerable to an XML-based denial of service. This vulnerability affects WordPress 3.5 - 3.9.2 (3.8.4 and 3.7.4 are also patched).

HybridAuth install.php PHP Code Execution Exploit

Disclosed: August 04, 2014

This module exploits a PHP code execution vulnerability in HybridAuth versions 2.0.9 to 2.2.2. The install file 'install.php' is not removed after installation, allowing unauthenticated users to write PHP code to the application configuration file 'config.php'. Note: This exploit will overwrite the application con...

MQAC.sys Arbitrary Write Privilege Escalation Exploit

Disclosed: July 22, 2014

A vulnerability within the MQAC.sys module allows an attacker to overwrite an arbitrary location in kernel memory. This module will elevate itself to SYSTEM, then inject the payload into another SYSTEM process.

Advantech WebAccess dvs.ocx GetColor Buffer Overflow Exploit

Disclosed: July 17, 2014

This module exploits a buffer overflow vulnerability in Advantech WebAccess. The vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to sprintf can be reached with user-controlled data through the GetColor function. This module has been tested successfully on Windows XP SP3 with IE6 and Windows ...

VirtualBox Guest Additions VBoxGuest.sys Privilege Escalation Exploit

Disclosed: July 15, 2014

A vulnerability within the VBoxGuest driver allows an attacker to inject memory they control into an arbitrary location they define. This can be used by an attacker to overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling NtQueryIntervalProfile on Windows XP SP3 systems. This has been tested wi...

Wordpress WPTouch Authenticated File Upload Exploit

Disclosed: July 14, 2014

The WordPress WPTouch plugin contains an authenticated file upload vulnerability. A wp-nonce (CSRF token) is created on the backend index page and the same token is used when handling AJAX file uploads through the plugin. By sending the captured nonce with the upload, we can upload arbitrary files to the upl...

Flash "Rosetta" JSONP GET/POST Response Disclosure Exploit

Disclosed: July 08, 2014

A website that serves a JSONP endpoint that accepts a custom alphanumeric callback of 1200 chars can be abused to serve an encoded SWF payload that steals the contents of a same-domain URL. Flash < 14.0.0.145 is required. This module spins up a web server that, upon navigation from a user, attempts to abuse the s...

Wordpress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload Exploit

Disclosed: July 01, 2014

The WordPress plugin "MailPoet Newsletters" (wysija-newsletters) before 2.6.8 is vulnerable to an unauthenticated file upload. The exploit uses the Upload Theme functionality to upload a zip file containing the payload. The plugin uses the admin_init hook, which is also executed for unauthenticated users when access...

Gitlist Unauthenticated Remote Command Execution Exploit

Disclosed: June 30, 2014

This module exploits an unauthenticated remote command execution vulnerability in version 0.4.0 of Gitlist. The problem exists in the handling of a specially crafted file name when trying to blame it.