Disclosed: December 02, 2014
This module exploits a file upload vulnerability in ProjectSend
revisions 100 to 561. The 'process-upload.php' file allows
unauthenticated users to upload PHP files resulting in remote
code execution as the web server user.
Disclosed: November 30, 2014
This module exploits an arbitrary file download vulnerability in CSVServlet
on ManageEngine NetFlow Analyzer. This module has been tested on both Windows
and Linux with versions 8.6 to 10.2. Note that when typing Windows paths, you
must escape the backslash with a backslash.
Disclosed: November 27, 2014
This module exploits a PHP object injection vulnerability in Tuleap <= 7.6-4 which could be
abused to allow authenticated users to execute arbitrary code with the permissions of the
web server. The dangerous unserialize() call exists in the 'src/www/project/register.php'
file. The exploit abuses the destructor method from...
Disclosed: November 25, 2014
This module exploits a vulnerability found in Adobe Flash Player. A compilation logic error
in the PCRE engine, specifically in the handling of the \c escape sequence when followed by
a multi-byte UTF8 character, allows arbitrary execution of PCRE bytecode.
Disclosed: November 25, 2014
Arris VAP2500 access points are vulnerable to OS command injection in the web management
portal via the tools_command.php page. Though authentication is required to access this
page, it is trivially bypassed by setting the value of a cookie to an md5 hash of a valid
Disclosed: November 21, 2014
The GitLab 'internal' API is exposed unauthenticated on GitLab. This
allows the username for each SSH Key ID number to be retrieved. Users
who do not have an SSH Key cannot be enumerated in this fashion. LDAP
users, e.g. Active Directory users, will also be returned. This issue
was fixed in GitLab v7.5.0 and is pre...
Disclosed: November 20, 2014
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x
before 4.0.1 allows remote attackers to cause a denial of service
(CPU consumption) via a long password that is improperly handled
Disclosed: November 19, 2014
This module exploits a buffer overflow in the RTSP request parsing
code of Hikvision DVR appliances. The Hikvision DVR devices record
video feeds of surveillance cameras and offer remote administration
and playback of recorded footage.
The vulnerability is present in several models / firmware versions
Disclosed: November 18, 2014
This module exploits a vulnerability in the Microsoft Kerberos implementation. The problem
exists in the verification of the Privilege Attribute Certificate (PAC) from a Kerberos TGS
request, where a domain user may forge a PAC with arbitrary privileges, including
Domain Administrator. This module requests a TGT ticket wi...
Disclosed: November 17, 2014
This module implements the DLSw information disclosure retrieval. There
is a bug in Cisco's DLSw implementation affecting 12.x and 15.x trains
that allows an unauthenticated remote attacker to retrieve the partial
contents of packets traversing a Cisco router with DLSw configured