Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying module details 31 - 40 of 2649 in total

Advantech WebAccess SQL Injection Exploit

Disclosed: April 08, 2014

This module exploits a SQL injection vulnerability found in Advantech WebAccess 7.1. The vulnerability exists in the DBVisitor.dll component, and can be abused through malicious requests to the ChartThemeConfig web service. This module can be used to extract the site and project usernames and hashes.

Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution Exploit

Disclosed: April 08, 2014

This module takes advantage of two vulnerabilities in order to gain remote code execution as root as an otherwise non-privileged authorized user. By taking advantage of a mass assignment vulnerability that allows an unprivileged authenticated user to change the admininistrator's password hash, the module updates the passw...

OpenSSL Heartbeat (Heartbleed) Information Leak Exploit

Disclosed: April 07, 2014

This module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable. The module supports several actions, allowing for scanning, dumping of ...

eScan Web Management Console Command Injection Exploit

Disclosed: April 04, 2014

This module exploits a command injection vulnerability found in the eScan Web Management Console. The vulnerability exists while processing CheckPass login requests. An attacker with a valid username can use a malformed password to execute arbitrary commands. With mwconf privileges, the runasroot utility can be abused to ...

MS14-017 Microsoft Word RTF Object Confusion Exploit

Disclosed: April 01, 2014

This module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how a listoverridecount field can be modified to treat one structure as another. This bug was originally seen being exploited in the wild starting in April 201...

AlienVault Authenticated SQL Injection Arbitrary File Read Exploit

Disclosed: March 30, 2014

AlienVault 4.5.0 is susceptible to an authenticated SQL injection attack via a PNG generation PHP file. This module exploits this to read an arbitrary file from the file system. Any authenticated user is able to exploit it, as administrator privileges aren't required.