Displaying module details 1 - 10 of 2877 in total

iPass Mobile Client Service Privilege Escalation Exploit

Disclosed: March 12, 2015

The named pipe, \IPEFSYSPCPIPE, can be accessed by normal users to interact with the iPass service. The service provides a LaunchAppSysMode command that allows arbitrary commands to be executed as SYSTEM.

Microsoft Windows Shell LNK Code Execution Exploit

Disclosed: March 10, 2015

This module exploits a vulnerability in the MS10-046 patch to abuse (again) the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This module creates the required files to exploit the vulnerability. They must be uploaded to a UNC path accessible by the target. This modul...

Microsoft Windows Shell LNK Code Execution Exploit

Disclosed: March 10, 2015

This module exploits a vulnerability in the MS10-046 patch to abuse (again) the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This creates an SMB resource to provide the payload and the trigger, and generates a LNK file which must be sent to the target. This module ha...

Generic DLL Injection From Shared Resource Exploit

Disclosed: March 04, 2015

This is a general-purpose module for exploiting conditions where a DLL can be loaded from a specified SMB share. This module serves payloads as DLLs over an SMB service.

Generic Web Application DLL Injection Exploit

Disclosed: March 04, 2015

This is a general-purpose module for exploiting conditions where an HTTP request triggers a DLL load from a specified SMB share. This module serves payloads as DLLs over an SMB service and allows an arbitrary HTTP URL to be called that would trigger the load of the DLL.

PHPMoAdmin 1.1.2 Remote Code Execution Exploit

Disclosed: March 03, 2015

This module exploits an arbitrary PHP command execution vulnerability due to a dangerous use of eval() in PHPMoAdmin.

Seagate Business NAS Unauthenticated Remote Command Execution Exploit

Disclosed: March 01, 2015

Some Seagate Business NAS devices are vulnerable to command execution via a local file include vulnerability hidden in the language parameter of the CodeIgniter session cookie. The vulnerability manifests in the way the language files are included in the code on the login page, and hence is open to attack from users ...

WordPress WP EasyCart Plugin Privilege Escalation Exploit

Disclosed: February 25, 2015

The WordPress WP EasyCart plugin from version 1.1.30 to 3.0.20 allows authenticated users of any user level to set any system option via a lack of validation in the ec_ajax_update_option and ec_ajax_clear_all_taxrates functions located in /inc/admin/admin_ajax_functions.php. The module first changes the admin e-mail addr...

WordPress Admin Shell Upload Exploit

Disclosed: February 21, 2015

This module will generate a plugin, pack the payload into it, and upload it to a server running WordPress, provided that valid admin credentials are used.