Disclosed: August 25, 2014
This module identifies NTP servers which permit mode 6 UNSETTRAP requests that
can be used to conduct DRDoS attacks. In some configurations, NTP servers will
respond to UNSETTRAP requests with multiple packets, allowing remote attackers
to cause a distributed, reflected denial of service (aka, "DRDoS" or traffic
Disclosed: August 24, 2014
This module attempts to execute an arbitrary payload on a loose gdbserver service.
Disclosed: August 19, 2014
This module exploits an authentication bypass vulnerability in Solarwinds Storage Manager.
The vulnerability exists in the AuthenticationFilter, which allows authentication to be bypassed
with specially crafted URLs. After bypassing authentication, it is possible to use a file
upload function to achieve remote code execution. Thi...
Disclosed: August 09, 2014
This module allows an unauthenticated user to interact with the Yokogawa
CENTUM CS3000 BKBCopyD.exe service through the PMODE, RETR and STOR
Disclosed: August 07, 2014
The WordPress custom-contact-forms plugin <= 126.96.36.199 allows unauthenticated users to download
a SQL dump of the plugin's database tables. It's also possible to upload files containing
SQL statements which will be executed. The module first tries to extract the WordPress
table prefix from the dump and then attempts to...
Disclosed: August 06, 2014
WordPress XMLRPC parsing is vulnerable to an XML-based denial of service.
This vulnerability affects WordPress 3.5 - 3.9.2 (3.8.4 and 3.7.4 are
Disclosed: August 04, 2014
This module exploits a PHP code execution vulnerability in
HybridAuth versions 2.0.9 to 2.2.2. The install file 'install.php'
is not removed after installation, allowing unauthenticated users to
write PHP code to the application configuration file 'config.php'.
Note: This exploit will overwrite the application con...
Disclosed: July 22, 2014
A vulnerability within the MQAC.sys module allows an attacker to
overwrite an arbitrary location in kernel memory.
This module will elevate itself to SYSTEM, then inject the payload
into another SYSTEM process.
Disclosed: July 18, 2014
A vulnerability within Microsoft Bluetooth Personal Area Networking module,
BthPan.sys, can allow an attacker to inject memory controlled by the attacker
into an arbitrary location. This can be used by an attacker to overwrite
HalDispatchTable+0x4 and execute arbitrary code by subsequently calling
Disclosed: July 17, 2014
This module exploits a buffer overflow vulnerability in Advantech WebAccess. The
vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to
sprintf can be reached with user-controlled data through the GetColor function.
This module has been tested successfully on Windows XP SP3 with IE6 and Windows