Displaying module details 31 - 40 of 2761 in total

Apache mod_cgi Bash Environment Variable Code Injection Exploit

Disclosed: September 24, 2014

This module exploits a code injection in specially crafted environment variables in Bash, specifically targeting Apache mod_cgi scripts through the HTTP_USER_AGENT variable by default.

Pure-FTPd External Authentication Bash Environment Variable Code Injection Exploit

Disclosed: September 24, 2014

This module exploits the code injection flaw known as Shellshock, which leverages specially crafted environment variables in Bash. Please note that this exploit specifically targets Pure-FTPd compiled with the --with-extauth flag and configured with an external Bash program for authentication. If the server is not set up this way, ...

Dhclient Bash Environment Variable Injection Exploit

Disclosed: September 24, 2014

When bash is started with an environment variable that begins with the string "() {", that variable is treated as a function definition and parsed as code. If extra commands are added after the function definition, they will be executed immediately. When dhclient receives an ACK that contains a domain name or host...

Mac OS X IOKit Keyboard Driver Root Privilege Escalation Exploit

Disclosed: September 24, 2014

A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue was patched silently i...

CUPS Filter Bash Environment Variable Code Injection Exploit

Disclosed: September 24, 2014

This module exploits Shellshock, a post-authentication code injection vulnerability in specially crafted environment variables in Bash. It specifically targets CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables by default.

Apache mod_cgi Bash Environment Variable RCE Scanner Exploit

Disclosed: September 24, 2014

This module exploits a code injection in specially crafted environment variables in Bash, specifically targeting Apache mod_cgi scripts through the HTTP_USER_AGENT variable by default. PROTIP: Use exploit/multi/handler with a PAYLOAD appropriate to your CMD, set ExitOnSession false, run -j, and then run this modu...

DHCP Client Bash Environment Variable Code Injection Exploit

Disclosed: September 24, 2014

This module exploits a code injection in specially crafted environment variables in Bash, specifically targeting dhclient network configuration scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.

Citrix NetScaler SOAP Handler Remote Code Execution Exploit

Disclosed: September 22, 2014

This module exploits a memory corruption vulnerability on the Citrix NetScaler Appliance. The vulnerability exists in the SOAP handler, accessible through the web interface. A malicious SOAP request can force the handler to connect to a malicious NetScaler config server. This malicious config server can send a specially ...

Rejetto HttpFileServer Remote Command Execution Exploit

Disclosed: September 11, 2014

Rejetto HttpFileServer (HFS) is vulnerable to a remote command execution attack due to a poor regex in the file ParserLib.pas. This module exploits the HFS scripting commands by using '%00' to bypass the filtering. This module has been tested successfully on HFS 2.3b over Windows XP SP3, Windows 7 SP1 and Windows 8.