Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying module details 41 - 50 of 2711 in total

Wordpress MailPoet Newsletters (wysija-newsletters) Unauthenticated File Upload Exploit

Disclosed: July 01, 2014

The Wordpress plugin "MailPoet Newsletters" (wysija-newsletters) before 2.6.8 is vulnerable to an unauthenticated file upload. The exploit uses the Upload Theme functionality to upload a zip file containing the payload. The plugin uses the admin_init hook, which is also executed for unauthenticated users when access...

Gitlist Unauthenticated Remote Command Execution Exploit

Disclosed: June 30, 2014

This module exploits an unauthenticated remote command execution vulnerability in version 0.4.0 of Gitlist. The problem exists in the handling of an specially crafted file name when trying to blame it.

VMTurbo Operations Manager vmtadmin.cgi Remote Command Execution Exploit

Disclosed: June 25, 2014

VMTurbo Operations Manager 4.6 and prior are vulnerable to unauthenticated OS Command injection in the web interface. Use reverse payloads for the most reliable results. Since it is a blind OS command injection vulnerability, there is no output for the executed command when using the cmd generic payload. P...

Supermicro Onboard IPMI Port 49152 Sensitive File Exposure Exploit

Disclosed: June 19, 2014

This module abuses a file exposure vulnerability accessible through the web interface on port 49152 of Supermicro Onboard IPMI controllers. The vulnerability allows an attacker to obtain detailed device information and download data files containing the clear-text usernames and passwords for the controller. In May of 201...

Wing FTP Server Authenticated Command Execution Exploit

Disclosed: June 19, 2014

This module exploits the embedded Lua interpreter in the admin web interface for versions 4.3.8 and below. When supplying a specially crafted HTTP POST request an attacker can use os.execute() to execute arbitrary system commands on the target with SYSTEM privileges.

ManageEngine Desktop Central / Password Manager LinkViewFetchServlet.dat SQL Injection Exploit

Disclosed: June 08, 2014

This module exploits an unauthenticated blind SQL injection in LinkViewFetchServlet, which is exposed in ManageEngine Desktop Central v7 build 70200 to v9 build 90033 and Password Manager Pro v6 build 6500 to v7 build 7002 (including the MSP versions). The SQL injection can be used to achieve remote code execution as SYST...

OpenSSL Server-Side ChangeCipherSpec Injection Scanner Exploit

Disclosed: June 05, 2014

This module checks for the OpenSSL ChangeCipherSpec (CCS) Injection vulnerability. The problem exists in the handling of early CCS messages during session negotiation. Vulnerable installations of OpenSSL accepts them, while later implementations do not. If successful, an attacker can leverage this vulnerability to...

OpenSSL DTLS Fragment Buffer Overflow DoS Exploit

Disclosed: June 05, 2014

This module performs a Denial of Service Attack against Datagram TLS in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h. This occurs when a DTLS ClientHello message has multiple fragments and the fragment lengths of later fragments are larger than that of the first, a buffer overflow occurs, c...

Ericom AccessNow Server Buffer Overflow Exploit

Disclosed: June 02, 2014

This module exploits a stack based buffer overflow in Ericom AccessNow Server. The vulnerability is due to an insecure usage of vsprintf with user controlled data, which can be triggered with a malformed HTTP request. This module has been tested successfully with Ericom AccessNow Server on Windows XP SP3 and Windo...