Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying module details 41 - 50 of 2649 in total

Katello (Red Hat Satellite) users/update_roles Missing Authorization Exploit

Disclosed: March 24, 2014

This module exploits a missing authorization vulnerability in the "update_roles" action of "users" controller of Katello and Red Hat Satellite (Katello 1.5.0-14 and earlier) by changing the specified account to an administrator account.

LifeSize UVC Authenticated RCE via Ping Exploit

Disclosed: March 21, 2014

When authenticated as an administrator on LifeSize UVC 1.2.6, an attacker can abuse the ping diagnostic functionality to achieve remote command execution as the www-data user (or equivalent).

FreePBX config.php Remote Code Execution Exploit

Disclosed: March 21, 2014

This module exploits a vulnerability found in FreePBX version 2.9, 2.10, and 2.11. It's possible to inject arbitrary PHP functions and commands in the "/admin/config.php" parameters "function" and "args".

SePortal SQLi Remote Code Execution Exploit

Disclosed: March 20, 2014

This module exploits a vulnerability found in SePortal version 2.5. When logging in as any non-admin user, it's possible to retrieve the admin session from the database through SQL injection. The SQL injection vulnerability exists in the "staticpages.php" page. This hash can be used to take over the admin user ses...

Quantum vmPRO Backdoor Command Exploit

Disclosed: March 17, 2014

This module abuses a backdoor command in Quantum vmPRO. Any user, even one without admin privileges, can get access to the restricted SSH shell. By using the hidden backdoor "shell-escape" command it's possible to drop to a real root bash shell. This module has been tested successfully on Quantum vmPRO 3.1.2.

Loadbalancer.org Enterprise VA SSH Private Key Exposure Exploit

Disclosed: March 17, 2014

Loadbalancer.org ships a public/private key pair on Enterprise virtual appliances version 7.5.2 that allows passwordless authentication to any other LB Enterprise box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.

Quantum DXi V1000 SSH Private Key Exposure Exploit

Disclosed: March 17, 2014

Quantum ships a public/private key pair on DXi V1000 2.2.1 appliances that allows passwordless authentication to any other DXi box. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as root.

VirtualBox 3D Acceleration Virtual Machine Escape Exploit

Disclosed: March 11, 2014

This module exploits a vulnerability in the 3D Acceleration support for VirtualBox. The vulnerability exists in the remote rendering of OpenGL-based 3D graphics. By sending a sequence of specially crafted rendering messages, a virtual machine can exploit an out of bounds array access to corrupt memory and escape to the ho...