Displaying module details 41 - 50 of 2661 in total

Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution Exploit

Disclosed: April 08, 2014

This module takes advantage of two vulnerabilities in order to gain remote code execution as root as an otherwise non-privileged authorized user. By taking advantage of a mass assignment vulnerability that allows an unprivileged authenticated user to change the administrator's password hash, the module updates the passw...

OpenSSL Heartbeat (Heartbleed) Information Leak Exploit

Disclosed: April 07, 2014

This module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable. The module supports several actions, allowing for scanning, dumping of ...

eScan Web Management Console Command Injection Exploit

Disclosed: April 04, 2014

This module exploits a command injection vulnerability found in the eScan Web Management Console. The vulnerability exists while processing CheckPass login requests. An attacker with a valid username can use a malformed password to execute arbitrary commands. With mwconf privileges, the runasroot utility can be abused to ...

MS14-017 Microsoft Word RTF Object Confusion Exploit

Disclosed: April 01, 2014

This module creates a malicious RTF file that when opened in vulnerable versions of Microsoft Word will lead to code execution. The flaw exists in how a listoverridecount field can be modified to treat one structure as another. This bug was originally seen being exploited in the wild starting in April 201...

AlienVault Authenticated SQL Injection Arbitrary File Read Exploit

Disclosed: March 30, 2014

AlienVault 4.5.0 is susceptible to an authenticated SQL injection attack via a PNG generation PHP file. This module exploits this to read an arbitrary file from the file system. Any authenticated user is able to exploit it, as administrator privileges aren't required.

Katello (Red Hat Satellite) users/update_roles Missing Authorization Exploit

Disclosed: March 24, 2014

This module exploits a missing authorization vulnerability in the "update_roles" action of the "users" controller of Katello and Red Hat Satellite (Katello 1.5.0-14 and earlier) by changing the specified account to an administrator account.

LifeSize UVC Authenticated RCE via Ping Exploit

Disclosed: March 21, 2014

When authenticated as an administrator on LifeSize UVC 1.2.6, an attacker can abuse the ping diagnostic functionality to achieve remote command execution as the www-data user (or equivalent).