Disclosed: August 07, 2014
The WordPress custom-contact-forms plugin <= 188.8.131.52 allows unauthenticated users to download
a SQL dump of the plugin's database tables. It's also possible to upload files containing
SQL statements which will be executed. The module first tries to extract the WordPress
table prefix from the dump and then attempts to...
Disclosed: August 06, 2014
WordPress XMLRPC parsing is vulnerable to an XML-based denial of service.
This vulnerability affects WordPress 3.5 - 3.9.2 (3.8.4 and 3.7.4 are
Disclosed: August 04, 2014
This module exploits a PHP code execution vulnerability in
HybridAuth versions 2.0.9 to 2.2.2. The install file 'install.php'
is not removed after installation, allowing unauthenticated users to
write PHP code to the application configuration file 'config.php'.
Note: This exploit will overwrite the application con...
Disclosed: July 22, 2014
A vulnerability within the MQAC.sys module allows an attacker to
overwrite an arbitrary location in kernel memory.
This module will elevate itself to SYSTEM, then inject the payload
into another SYSTEM process.
Disclosed: July 18, 2014
A vulnerability within Microsoft Bluetooth Personal Area Networking module,
BthPan.sys, can allow an attacker to inject memory controlled by the attacker
into an arbitrary location. This can be used by an attacker to overwrite
HalDispatchTable+0x4 and execute arbitrary code by subsequently calling
Disclosed: July 17, 2014
This module exploits a buffer overflow vulnerability in Advantech WebAccess. The
vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to
sprintf can be reached with user-controlled data through the GetColor function.
This module has been tested successfully on Windows XP SP3 with IE6 and Windows
Disclosed: July 15, 2014
A vulnerability within the VBoxGuest driver allows an attacker to inject memory they
control into an arbitrary location they define. This can be used by an attacker to
overwrite HalDispatchTable+0x4 and execute arbitrary code by subsequently calling
NtQueryIntervalProfile on Windows XP SP3 systems. This has been tested wi...
Disclosed: July 14, 2014
The WordPress WPTouch plugin contains an authenticated file upload
vulnerability. A wp-nonce (CSRF token) is created on the backend index
page and the same token is used when handling AJAX file uploads through
the plugin. By sending the captured nonce with the upload, we can
upload arbitrary files to the upl...
Disclosed: July 08, 2014
A website that serves a JSONP endpoint that accepts a custom alphanumeric
callback of 1200 chars can be abused to serve an encoded swf payload that
steals the contents of a same-domain URL. Flash < 184.108.40.206 is required.
This module spins up a web server that, upon navigation from a user, attempts
to abuse the s...
Disclosed: July 01, 2014
The WordPress plugin "MailPoet Newsletters" (wysija-newsletters) before 2.6.8
is vulnerable to an unauthenticated file upload. The exploit uses the Upload Theme
functionality to upload a zip file containing the payload. The plugin uses the
admin_init hook, which is also executed for unauthenticated users when access...