Displaying module details 31 - 40 of 2840 in total

Hikvision DVR RTSP Request Remote Code Execution Exploit

Disclosed: November 19, 2014

This module exploits a buffer overflow in the RTSP request parsing code of Hikvision DVR appliances. The Hikvision DVR devices record video feeds of surveillance cameras and offer remote administration and playback of recorded footage. The vulnerability is present in several models / firmware versions but...

MS14-068 Microsoft Kerberos Checksum Validation Vulnerability Exploit

Disclosed: November 18, 2014

This module exploits a vulnerability in the Microsoft Kerberos implementation. The problem exists in the verification of the Privilege Attribute Certificate (PAC) from a Kerberos TGS request, where a domain user may forge a PAC with arbitrary privileges, including Domain Administrator. This module requests a TGT ticket wi...

Cisco DLSw Information Disclosure Scanner Exploit

Disclosed: November 17, 2014

This module implements the DLSw information disclosure retrieval. There is a bug in Cisco's DLSw implementation affecting 12.x and 15.x trains that allows an unauthenticated remote attacker to retrieve the partial contents of packets traversing a Cisco router with DLSw configured and active.

Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution Exploit

Disclosed: November 13, 2014

This module exploits the Windows OLE Automation array vulnerability, CVE-2014-6332. The vulnerability affects Internet Explorer 3.0 through version 11 on Windows 95 up to Windows 10. For this module to be successful, PowerShell is required on the target machine. On Internet Explorer versions using Protected Mode, the use...

MS14-064 Microsoft Windows OLE Package Manager Code Execution Through Python Exploit

Disclosed: November 12, 2014

This module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, bypassing the patch MS14-060, for the vulnerability publicly known as "Sandworm", on systems with Python for Windows installed. Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 201...

Samsung Galaxy KNOX Android Browser RCE Exploit

Disclosed: November 12, 2014

A vulnerability exists in the KNOX security component of the Samsung Galaxy firmware that allows a remote webpage to install an APK with arbitrary permissions by abusing the 'smdm://' protocol handler registered by the KNOX component. The vulnerability has been confirmed in the Samsung Galaxy S4, S5, Note 3, ...

MS14-070 Windows tcpip!SetAddrOptions NULL Pointer Dereference Exploit

Disclosed: November 11, 2014

A vulnerability within the Microsoft TCP/IP protocol driver tcpip.sys can allow a local attacker to trigger a NULL pointer dereference by using a specially crafted IOCTL. This flaw can be abused to elevate privileges to SYSTEM.

WordPress Photo Gallery Unrestricted File Upload Exploit

Disclosed: November 11, 2014

Photo Gallery Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the photo-gallery\photo-gallery.php script allows access to filemanager\UploadHandler.php. The post() method in UploadHa...

MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability Exploit

Disclosed: November 08, 2014

This module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed. The vulnerable code exists on plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelink" attribute of an uploaded XML file and passes to preg_...

ManageEngine Password Manager Pro SQL Injection Exploit

Disclosed: November 08, 2014

ManageEngine Password Manager Pro (PMP) has an authenticated blind SQL injection vulnerability in that can be abused to escalate privileges and obtain Super Administrator access. A Super Administrator can then use his privileges to dump the whole password database in CSV format. PMP can use ...