  • Vulnerability & Exploit Database

    Displaying module details 1 - 10 of 3190 in total

    WordPress Ninja Forms Unauthenticated File Upload Exploit

    Disclosed: May 04, 2016

    Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server.

    ImageMagick Delegate Arbitrary Command Execution Exploit

    Disclosed: May 03, 2016

    This module exploits a shell command injection in the way "delegates" (commands for converting files) are processed in ImageMagick versions <= 7.0.1-0 and <= 6.9.3-9 (legacy). Since ImageMagick uses file magic to detect file format, you can create a .png (for example) which is actually a crafted SVG (for example)...

    Allwinner 3.4 Legacy Kernel Local Privilege Escalation Exploit

    Disclosed: April 30, 2016

    This module attempts to exploit a debug backdoor privilege escalation in Allwinner SoC based devices. Vulnerable Allwinner SoC chips: H3, A83T or H8, which rely on Kernel 3.4. Vulnerable OS: all OS images available for Orange Pis, any for FriendlyARM's NanoPi M1, SinoV...

    Apache Struts Dynamic Method Invocation Remote Code Execution Exploit

    Disclosed: April 27, 2016

    This module exploits a remote command execution vulnerability in Apache Struts versions between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote code execution can be performed via the "method:" prefix when Dynamic Method Invocation is enabled.

    Apache Struts Dynamic Method Invocation Remote Code Execution Exploit

    Disclosed: April 27, 2016

    This module exploits a remote command execution vulnerability in Apache Struts versions between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote code execution can be performed via the "method:" prefix when Dynamic Method Invocation is enabled.

    ExaGrid Known SSH Key and Default Password Exploit

    Disclosed: April 07, 2016

    ExaGrid ships a public/private key pair on their backup appliances to allow passwordless authentication to other ExaGrid appliances. Since the private key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. Additionally, this module will attempt to use the default password fo...

    Novell ServiceDesk Authenticated File Upload Exploit

    Disclosed: March 30, 2016

    This module exploits an authenticated arbitrary file upload via directory traversal to execute code on the target. It has been tested on versions 6.5 and 7.1.0, in Windows and Linux installations of Novell ServiceDesk, as well as the Virtual Appliance provided by Novell.

    HTTP Client Information Gather Exploit

    Disclosed: March 22, 2016

    This module gathers information about a browser that exploits might be interested in, such as OS name, browser version, plugins, etc. By default, the module will return a fake 404, but you can customize this output by changing the Custom404 datastore option, and redirect to an external web page.

    Exim "perl_startup" Privilege Escalation Exploit

    Disclosed: March 10, 2016

    This module exploits a Perl injection vulnerability in Exim < 4.86.2 given the presence of the "perl_startup" configuration parameter.

    Apache Jetspeed Arbitrary File Upload Exploit

    Disclosed: March 06, 2016

    This module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, version 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file upload clobbered ...