Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying module details 41 - 50 of 2847 in total

Samsung Galaxy KNOX Android Browser RCE Exploit

Disclosed: November 12, 2014

A vulnerability exists in the KNOX security component of the Samsung Galaxy firmware that allows a remote webpage to install an APK with arbitrary permissions by abusing the 'smdm://' protocol handler registered by the KNOX component. The vulnerability has been confirmed in the Samsung Galaxy S4, S5, Note 3, ...

MS14-070 Windows tcpip!SetAddrOptions NULL Pointer Dereference Exploit

Disclosed: November 11, 2014

A vulnerability within the Microsoft TCP/IP protocol driver tcpip.sys can allow a local attacker to trigger a NULL pointer dereference by using a specially crafted IOCTL. This flaw can be abused to elevate privileges to SYSTEM.

WordPress Photo Gallery Unrestricted File Upload Exploit

Disclosed: November 11, 2014

Photo Gallery Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the photo-gallery\photo-gallery.php script allows access to filemanager\UploadHandler.php. The post() method in UploadHa...

MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability Exploit

Disclosed: November 08, 2014

This module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed. The vulnerable code exists on plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelink" attribute of an uploaded XML file and passes to preg_...

ManageEngine Password Manager Pro SQL Injection Exploit

Disclosed: November 08, 2014

ManageEngine Password Manager Pro (PMP) has an authenticated blind SQL injection vulnerability in that can be abused to escalate privileges and obtain Super Administrator access. A Super Administrator can then use his privileges to dump the whole password database in CSV format. PMP can use ...

i-FTP Schedule Buffer Overflow Exploit

Disclosed: November 06, 2014

This module exploits a stack-based buffer overflow vulnerability in i-Ftp v2.20, caused by a long time value set for scheduled download. By persuading the victim to place a specially-crafted Schedule.xml file in the i-FTP folder, a remote attacker could execute arbitrary code on the system or cause the applicatio...

ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure Exploit

Disclosed: November 05, 2014

ManageEngine Eventlog Analyzer from v7 to v9.9 b9002 has two security vulnerabilities that allow an unauthenticated user to obtain the superuser password of any managed Windows and AS/400 hosts. This module abuses both vulnerabilities to collect all the available usernames and passwords. First the agentHandler servlet is ...

Visual Mining NetCharts Server Remote Code Execution Exploit

Disclosed: November 03, 2014

This module exploits multiple vulnerabilities in Visual Mining NetCharts. First, a lack of input validation in the administration console permits arbitrary jsp code upload to locations accessible later through the web service. Authentication is typically required, however a 'hidden' user is available by default (a...

HP Data Protector 8.10 Remote Command Execution Exploit

Disclosed: November 02, 2014

This module exploits a remote command execution on HP Data Protector 8.10. Arbitrary commands can be execute by sending crafted requests with opcode 28 to the OmniInet service listening on the TCP/5555 port. Since there is an strict length limitation on the command, rundll32.exe is executed, and the payload is provided th...

tnftp "savefile" Arbitrary Command Execution Exploit

Disclosed: October 28, 2014

This module exploits an arbitrary command execution vulnerability in tnftp's handling of the resolved output filename - called "savefile" in the source - from a requested resource. If tnftp is executed without the -o command-line option, it will resolve the output filename from the last component of the requested...