Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying module details 31 - 40 of 3011 in total

D-Link/TRENDnet NCC Service Command Injection Exploit

Disclosed: February 26, 2015

This module exploits a remote command injection vulnerability on several routers. The vulnerability exists in the ncc service, while handling ping commands. This module has been tested on a DIR-626L emulated environment. Several D-Link and TRENDnet devices are reported as affected, including: D-Link DIR-626L (Rev A) v1.04...

WordPress WP EasyCart Plugin Privilege Escalation Exploit

Disclosed: February 25, 2015

The WordPress WP EasyCart plugin from version 1.1.30 to 3.0.20 allows authenticated users of any user level to set any system option via a lack of validation in the ec_ajax_update_option and ec_ajax_clear_all_taxrates functions located in /inc/admin/admin_ajax_functions.php. The module first changes the admin e-mail addr...

WordPress Admin Shell Upload Exploit

Disclosed: February 21, 2015

This module will generate a plugin, pack the payload into it and upload it to a server running WordPress providing valid admin credentials are used.

Javascript Injection for Eval-based Unpackers Exploit

Disclosed: February 18, 2015

This module generates a Javascript file that executes arbitrary code when an eval-based unpacker is run on it. Works against js-beautify's P_A_C_K_E_R unpacker.

D-Link Devices HNAP SOAPAction-Header Command Execution Exploit

Disclosed: February 13, 2015

Different D-Link Routers are vulnerable to OS command injection in the HNAP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This module has been tested on a DIR-645 device. The following devices are also reported as affected: DAP-1522 revB, DAP-1650 revB...

SixApart MovableType Storable Perl Code Execution Exploit

Disclosed: February 11, 2015

This module exploits a serialization flaw in MovableType before 5.2.12 to execute arbitrary code. The default nondestructive mode depends on the target server having the Object::MultiType and DateTime Perl modules installed in Perl's @INC paths. The destructive mode of operation uses only required MovableType depend...

ElasticSearch Search Groovy Sandbox Bypass Exploit

Disclosed: February 11, 2015

This module exploits a remote command execution (RCE) vulnerability in ElasticSearch, exploitable by default on ElasticSearch prior to 1.4.3. The bug is found in the REST API, which does not require authentication, where the search function allows groovy code execution and its sandbox can be bypassed using java.lang.Math....

WordPress Holding Pattern Theme Arbitrary File Upload Exploit

Disclosed: February 11, 2015

This module exploits a file upload vulnerability in all versions of the Holding Pattern theme found in the upload_file.php script which contains no session or file validation. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server.