Search Hints

  • Try searching for a product or vendor.
  • Only vulnerabilities that match all search terms will be returned.
  • Enclose search terms in double quotes for an exact search.
  • For CVE searches, only enter the CVE-YYYY-XXXX code.

Displaying module details 11 - 20 of 2840 in total

Remote Code Execution in WordPress Platform Theme Exploit

Disclosed: January 21, 2015

The WordPress Theme "platform" contains a remote code execution vulnerability through an unchecked admin_init call. The theme includes the uploaded file from it's temp filename with php's include function.

WordPress Pixabay Images PHP Code Upload Exploit

Disclosed: January 19, 2015

This module exploits multiple vulnerabilities in the WordPress plugin Pixabay Images 2.3.6. The plugin does not check the host of a provided download URL which can be used to store and execute malicious PHP code on the system.

MS15-004 Microsoft Remote Desktop Services Web Proxy IE Sandbox Escape Exploit

Disclosed: January 13, 2015

This module abuses a process creation policy in Internet Explorer's sandbox; specifically, Microsoft's RemoteApp and Desktop Connections runtime proxy, TSWbPrxy.exe. This vulnerability allows the attacker to escape the Protected Mode and execute code with Medium Integrity. At the moment, this module only bypass P...

WordPress WP EasyCart Unrestricted File Upload Exploit

Disclosed: January 08, 2015

WordPress Shopping Cart (WP EasyCart) Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /inc/amfphp/administration/banneruploaderscript.php ...

McAfee ePolicy Orchestrator Authenticated XXE Credentials Exposure Exploit

Disclosed: January 06, 2015

This module will exploit an authenticated XXE vulnerability to read the keystore.properties off of the filesystem. This properties file contains an encrypted password that is set during installation. What is interesting about this password is that it is set as the same password as the database 'sa' user and of the admin user cr...

ManageEngine Desktop Central Administrator Account Creation Exploit

Disclosed: December 31, 2014

This module exploits an administrator account creation vulnerability in Desktop Central from v7 onwards by sending a crafted request to DCPluginServelet. It has been tested in several versions of Desktop Central (including MSP) from v7 onwards.

Achat Unicode SEH Buffer Overflow Exploit

Disclosed: December 18, 2014

This module exploits a Unicode SEH buffer overflow in Achat. By sending a crafted message to the default port 9256/UDP, it's possible to overwrite the SEH handler. Even when the exploit is reliable, it depends on timing since there are two threads overflowing the stack in the same time. This module has been tested on ...

Malicious Git and Mercurial HTTP Server For CVE-2014-9390 Exploit

Disclosed: December 18, 2014

This module exploits CVE-2014-9390, which affects Git (versions less than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1) and Mercurial (versions less than 3.2.3) and describes three vulnerabilities. On operating systems which have case-insensitive file systems, like Windows and OS X, Git clients can be convinced to retr...

Allegro Software RomPager 'Misfortune Cookie' (CVE-2014-9222) Scanner Exploit

Disclosed: December 17, 2014

This module scans for HTTP servers that appear to be vulnerable to the 'Misfortune Cookie' vulnerability which affects Allegro Software Rompager versions before 4.34 and can allow attackers to authenticate to the HTTP service as an administrator without providing valid credentials.

Malwarebytes Anti-Malware and Anti-Exploit Update Remote Code Execution Exploit

Disclosed: December 16, 2014

This module exploits a vulnerability in the update functionality of Malwarebytes Anti-Malware consumer before 2.0.3 and Malwarebytes Anti-Exploit consumer 1.03.1.1220. Due to the lack of proper update package validation, a man-in-the-middle (MITM) attacker could execute arbitrary code by spoofing the update server...