Displaying module details 41 - 50 of 2936 in total

IPass Control Pipe Remote Command Execution Exploit

Disclosed: January 21, 2015

This module exploits a vulnerability in the IPass Client service. This service provides a named pipe which can be accessed by the user group BUILTIN\Users. This pipe can be abused to force the service to load a DLL from an SMB share.

WordPress Platform Theme File Upload Vulnerability Exploit

Disclosed: January 21, 2015

The WordPress Theme "platform" contains a remote code execution vulnerability through an unchecked admin_init call. The theme includes the uploaded file from its temp filename with PHP's include function.

WordPress Pixabay Images PHP Code Upload Exploit

Disclosed: January 19, 2015

This module exploits multiple vulnerabilities in the WordPress plugin Pixabay Images 2.3.6. The plugin does not check the host of a provided download URL which can be used to store and execute malicious PHP code on the system.

MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape Exploit

Disclosed: January 13, 2015

This module abuses a process creation policy in Internet Explorer's sandbox; specifically, Microsoft's RemoteApp and Desktop Connections runtime proxy, TSWbPrxy.exe. This vulnerability allows the attacker to escape the Protected Mode and execute code with Medium Integrity. At the moment, this module only bypass P...

OpenNMS Authenticated XXE Exploit

Disclosed: January 08, 2015

OpenNMS is vulnerable to XML External Entity Injection in the Real-Time Console interface. Although this attack requires authentication, there are several factors that increase the severity of this vulnerability. 1. OpenNMS runs with root privileges, taken from the OpenNMS FAQ: "The difficulty with the core of OpenNMS is...

WordPress WP EasyCart Unrestricted File Upload Exploit

Disclosed: January 08, 2015

WordPress Shopping Cart (WP EasyCart) Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /inc/amfphp/administration/banneruploaderscript.php ...

McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure Exploit

Disclosed: January 06, 2015

This module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the database 'sa' user and of the admin user cr...

ManageEngine Desktop Central Administrator Account Creation Exploit

Disclosed: December 31, 2014

This module exploits an administrator account creation vulnerability in Desktop Central from v7 onwards by sending a crafted request to DCPluginServelet. It has been tested in several versions of Desktop Central (including MSP) from v7 onwards.

Achat Unicode SEH Buffer Overflow Exploit

Disclosed: December 18, 2014

This module exploits a Unicode SEH buffer overflow in Achat. By sending a crafted message to the default port 9256/UDP, it's possible to overwrite the SEH handler. Although the exploit is reliable, it depends on timing, since two threads overflow the stack at the same time. This module has been tested on ...

Malicious Git and Mercurial HTTP Server For CVE-2014-9390 Exploit

Disclosed: December 18, 2014

This module exploits CVE-2014-9390, which affects Git (versions less than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1) and Mercurial (versions less than 3.2.3) and describes three vulnerabilities. On operating systems which have case-insensitive file systems, like Windows and OS X, Git clients can be convinced to retr...