Disclosed: April 08, 2014
This module takes advantage of two vulnerabilities in order to gain remote code execution as root
as an otherwise non-privileged authorized user. By taking advantage of a mass assignment
vulnerability that allows an unprivileged authenticated user to change the administrator's
password hash, the module updates the passw...
Disclosed: April 07, 2014
This module implements the OpenSSL Heartbleed attack. The problem
exists in the handling of heartbeat requests, where a fake length can
be used to leak memory data in the response. Services that support
STARTTLS may also be vulnerable.
The module supports several actions, allowing for scanning, dumping of
Disclosed: April 07, 2014
This module provides a fake SSL service that is intended to
leak memory from client systems as they connect. This module is
hardcoded for using the AES-128-CBC-SHA1 cipher.
Disclosed: April 04, 2014
This module exploits a command injection vulnerability found in the eScan Web Management
Console. The vulnerability exists while processing CheckPass login requests. An attacker
with a valid username can use a malformed password to execute arbitrary commands. With
mwconf privileges, the runasroot utility can be abused to ...
Disclosed: April 01, 2014
This module creates a malicious RTF file that when opened in
vulnerable versions of Microsoft Word will lead to code execution.
The flaw exists in how a listoverridecount field can be modified
to treat one structure as another.
This bug was originally seen being exploited in the wild starting
in April 201...
Disclosed: March 31, 2014
EMC CTA v10.0 is susceptible to an unauthenticated XXE attack
that allows an attacker to read arbitrary files from the file system
with the permissions of the root user.
Disclosed: March 30, 2014
AlienVault 4.5.0 is susceptible to an authenticated SQL injection attack via a PNG
generation PHP file. This module exploits this to read an arbitrary file from
the file system. Any authenticated user is able to exploit it, as administrator
privileges aren't required.
Disclosed: March 26, 2014
Disclosed: March 24, 2014
This module exploits a missing authorization vulnerability in the
"update_roles" action of "users" controller of Katello and Red Hat Satellite
(Katello 1.5.0-14 and earlier) by changing the specified account to an
Disclosed: March 21, 2014
When authenticated as an administrator on LifeSize UVC 1.2.6, an attacker
can abuse the ping diagnostic functionality to achieve remote command
execution as the www-data user (or equivalent).