Displaying module details 41 - 50 of 2641 in total

SePortal SQLi Remote Code Execution Exploit

Disclosed: March 20, 2014

This module exploits a vulnerability found in SePortal version 2.5. When logging in as any non-admin user, it's possible to retrieve the admin session from the database through SQL injection. The SQL injection vulnerability exists in the "staticpages.php" page. This hash can be used to take over the admin user ses...

Quantum DXi V1000 SSH Private Key Exposure Exploit

Disclosed: March 17, 2014

Quantum ships a public/private key pair on DXi V1000 2.2.1 appliances that allows passwordless authentication to any other DXi box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.

Quantum vmPRO Backdoor Command Exploit

Disclosed: March 17, 2014

This module abuses a backdoor command in Quantum vmPRO. Any user, even one without admin privileges, can get access to the restricted SSH shell. By using the hidden backdoor "shell-escape" command it's possible to drop to a real root bash shell. This module has been tested successfully on Quantum vmPRO 3.1.2.

Loadbalancer.org Enterprise VA SSH Private Key Exposure Exploit

Disclosed: March 17, 2014

Loadbalancer.org ships a public/private key pair on Enterprise virtual appliances version 7.5.2 that allows passwordless authentication to any other LB Enterprise box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.

MS14-012 Microsoft Internet Explorer TextRange Use-After-Free Exploit

Disclosed: March 11, 2014

This module exploits a use-after-free vulnerability found in Internet Explorer. The flaw was most likely introduced in 2013, therefore only certain builds of MSHTML are affected. In our testing with IE9, these vulnerable builds appear to be between 9.0.8112.16496 and 9.0.8112.16533, which implies the vulnerability shipped...

Yokogawa CS3000 BKESimmgr.exe Buffer Overflow Exploit

Disclosed: March 10, 2014

This module exploits a stack-based buffer overflow on Yokogawa CS3000. The vulnerability exists in the BKESimmgr.exe service when handling specially crafted packets, due to an insecure usage of memcpy, using attacker-controlled data as the size count. This module has been tested successfully in Yokogawa CS3000 R3.08.50 o...

Yokogawa CENTUM CS 3000 BKCLogSvr.exe Heap Buffer Overflow Exploit

Disclosed: March 10, 2014

This module abuses a buffer overflow vulnerability to trigger a Denial of Service of the BKCLogSvr component in the Yokogawa CENTUM CS 3000 product. The vulnerability exists in the handling of malformed log packets, with an unexpectedly long level field. The root cause of the vulnerability is a combination of usage of unini...

Firefox Exec Shellcode from Privileged Javascript Shell Exploit

Disclosed: March 10, 2014

This module allows execution of native payloads from a privileged Firefox Javascript shell. It places the specified payload into memory, adds the necessary protection flags, and calls it, which can be useful for upgrading a Firefox javascript shell to a Meterpreter session without touching the disk.

Safari User-Assisted Download and Run Attack Exploit

Disclosed: March 10, 2014

This module abuses some Safari functionality to force the download of a zipped .app OSX application containing our payload. The app is then invoked using a custom URL scheme. At this point, the user is presented with Gatekeeper's prompt: "APP_NAME" is an application downloaded from the internet. Are you sure you ...

Yokogawa CENTUM CS 3000 BKHOdeq.exe Buffer Overflow Exploit

Disclosed: March 10, 2014

This module exploits a stack-based buffer overflow in Yokogawa CENTUM CS 3000. The vulnerability exists in the service BKHOdeq.exe when handling specially crafted packets. This module has been tested successfully on Yokogawa CENTUM CS 3000 R3.08.50 over Windows XP SP3 and Windows 2003 SP2.