Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying module details 31 - 40 of 2925 in total

WordPress Ultimate CSV Importer User Table Extract Exploit

Disclosed: February 02, 2015

Due to lack of verification of a visitor's permissions, it is possible to execute the 'export.php' script included in the default installation of the Ultimate CSV Importer plugin and retrieve the full contents of the user table in the WordPress installation. This results in full disclosure of usernames, hashed pas...

Adobe Flash Player ByteArray With Workers Use After Free Exploit

Disclosed: February 02, 2015

This module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, which can fill the memory and notify the main thread to corrupt the new contents. This module has been tested successfully o...

MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection Exploit

Disclosed: February 01, 2015

This module exploits a universal cross-site scripting (UXSS) vulnerability found in Internet Explorer 10 and 11. By default, you will steal the cookie from TARGET_URI (which cannot have X-Frame-Options or it will fail). You can also have your own custom JavaScript by setting the CUSTOMJS option. Lastly, you might ne...

X360 VideoPlayer ActiveX Control Buffer Overflow Exploit

Disclosed: January 30, 2015

This module exploits a buffer overflow in the VideoPlayer.ocx ActiveX installed with the X360 Software. By setting an overly long value to 'ConvertFile()',an attacker can overrun a .data buffer to bypass ASLR/DEP and finally execute arbitrary code.

ManageEngine Multiple Products Arbitrary File Download Exploit

Disclosed: January 28, 2015

This module exploits an arbitrary file download vulnerability in the FailOverHelperServlet on ManageEngine OpManager, Applications Manager and IT360. This vulnerability is unauthenticated on OpManager and Applications Manager, but authenticated in IT360. This module will attempt to login using the default credentials for ...

ManageEngine Multiple Products Arbitrary Directory Listing Exploit

Disclosed: January 28, 2015

This module exploits a directory listing information disclosure vulnerability in the FailOverHelperServlet on ManageEngine OpManager, Applications Manager and IT360. It makes a recursive listing, so it will list the whole drive if you ask it to list / in Linux or C:\ in Windows. This vulnerability is unauthenticated on Op...

Exim GHOST (glibc gethostbyname) Buffer Overflow Exploit

Disclosed: January 27, 2015

This module remotely exploits CVE-2015-0235, aka GHOST, a heap-based buffer overflow in the GNU C Library's gethostbyname functions on x86 and x86_64 GNU/Linux systems that run the Exim mail server.

IPass Control Pipe Remote Command Execution Exploit

Disclosed: January 21, 2015

This module exploits a vulnerability in the IPass Client service. This service provides a named pipe which can be accessed by the user group BUILTIN\Users. This pipe can be abused to force the service to load a DLL from a SMB share.

WordPress Platform Theme File Upload Vulnerability Exploit

Disclosed: January 21, 2015

The WordPress Theme "platform" contains a remote code execution vulnerability through an unchecked admin_init call. The theme includes the uploaded file from it's temp filename with php's include function.

WordPress Pixabay Images PHP Code Upload Exploit

Disclosed: January 19, 2015

This module exploits multiple vulnerabilities in the WordPress plugin Pixabay Images 2.3.6. The plugin does not check the host of a provided download URL which can be used to store and execute malicious PHP code on the system.