Vulnerability & Exploit Database


Apache Struts Dynamic Method Invocation Remote Code Execution Exploit

Disclosed: April 27, 2016

This module exploits a remote command execution vulnerability in Apache Struts versions between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote code execution can be performed via the method: prefix when Dynamic Method Invocation is enabled.

ExaGrid Known SSH Key and Default Password Exploit

Disclosed: April 07, 2016

ExaGrid ships a public/private key pair on their backup appliances to allow passwordless authentication to other ExaGrid appliances. Since the private key is easily retrievable, an attacker can use it to gain unauthorized remote access as root. Additionally, this module will attempt to use the default password fo...

Novell ServiceDesk Authenticated File Upload Exploit

Disclosed: March 30, 2016

This module exploits an authenticated arbitrary file upload via directory traversal to execute code on the target. It has been tested on versions 6.5 and 7.1.0, in Windows and Linux installations of Novell ServiceDesk, as well as the Virtual Appliance provided by Novell.

HTTP Client Information Gather Exploit

Disclosed: March 22, 2016

This module gathers information about a browser that exploits might be interested in, such as OS name, browser version, plugins, etc. By default, the module will return a fake 404, but you can customize this output by changing the Custom404 datastore option, and redirect to an external web page.

Exim "perl_startup" Privilege Escalation Exploit

Disclosed: March 10, 2016

This module exploits a Perl injection vulnerability in Exim < 4.86.2 given the presence of the "perl_startup" configuration parameter.

Apache Jetspeed Arbitrary File Upload Exploit

Disclosed: March 06, 2016

This module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, version 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file upload clobbered ...

ATutor 2.2.1 SQL Injection / Remote Code Execution Exploit

Disclosed: March 01, 2016

This module exploits a SQL Injection vulnerability and an authentication weakness vulnerability in ATutor. This essentially means an attacker can bypass authentication and reach the administrator's interface where they can upload malicious code.

ATutor 2.2.1 Directory Traversal / Remote Code Execution Exploit

Disclosed: March 01, 2016

This module exploits a directory traversal vulnerability in ATutor on an Apache/PHP setup with display_errors set to On, which can be used to upload a malicious ZIP file. On the web application, a blacklist verification is performed before extraction; however, it is not sufficient to prevent exploitation. ...

Apache Karaf Default Credentials Command Execution Exploit

Disclosed: February 09, 2016

This module exploits a default misconfiguration flaw in Apache Karaf versions 2.x-4.x. The 'karaf' user has a known default password, which can be used to log in to the SSH service and execute operating system commands remotely.
