Displaying module details 11 - 20 of 2877 in total

Javascript Injection for Eval-based Unpackers Exploit

Disclosed: February 18, 2015

This module generates a JavaScript file that executes arbitrary code when an eval-based unpacker is run on it. It works against js-beautify's P_A_C_K_E_R unpacker.

WordPress Holding Pattern Theme Arbitrary File Upload Exploit

Disclosed: February 11, 2015

This module exploits a file upload vulnerability in all versions of the Holding Pattern theme. The flaw is in the upload_file.php script, which contains no session or file validation. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server.

ElasticSearch Search Groovy Sandbox Bypass Exploit

Disclosed: February 11, 2015

This module exploits a remote command execution (RCE) vulnerability in ElasticSearch, exploitable by default on ElasticSearch prior to 1.4.3. The bug is found in the REST API, which does not require authentication, where the search function allows groovy code execution and its sandbox can be bypassed using java.lang.Math....

Maarch LetterBox Unrestricted File Upload Exploit

Disclosed: February 11, 2015

This module exploits a file upload vulnerability on Maarch LetterBox 2.8 due to a lack of session and file validation in the file_to_index.php script. It allows unauthenticated users to upload files of any type and subsequently execute PHP scripts in the context of the web server.

WordPress WPLMS Theme Privilege Escalation Exploit

Disclosed: February 09, 2015

The WordPress WPLMS theme from version 1.5.2 to 1.8.4.1 allows authenticated users of any user level to set any system option via a lack of validation in the import_data function of /includes/func.php. The module first changes the admin e-mail address to prevent any notifications being sent to the actual ...

WordPress Ultimate CSV Importer User Table Extract Exploit

Disclosed: February 02, 2015

Due to lack of verification of a visitor's permissions, it is possible to execute the 'export.php' script included in the default installation of the Ultimate CSV Importer plugin and retrieve the full contents of the user table in the WordPress installation. This results in full disclosure of usernames, hashed pas...

MS15-018 Microsoft Internet Explorer 10 and 11 Cross-Domain JavaScript Injection Exploit

Disclosed: February 01, 2015

This module exploits a universal cross-site scripting (UXSS) vulnerability found in Internet Explorer 10 and 11. By default, you will steal the cookie from TARGET_URI (which cannot have X-Frame-Options or it will fail). You can also have your own custom JavaScript by setting the CUSTOMJS option. Lastly, you might ne...

X360 VideoPlayer ActiveX Control Buffer Overflow Exploit

Disclosed: January 30, 2015

This module exploits a buffer overflow in the VideoPlayer.ocx ActiveX control installed with the X360 Software. By setting an overly long value to 'ConvertFile()', an attacker can overrun a .data buffer to bypass ASLR/DEP and finally execute arbitrary code.

ManageEngine Multiple Products Arbitrary File Download Exploit

Disclosed: January 28, 2015

This module exploits an arbitrary file download vulnerability in the FailOverHelperServlet on ManageEngine OpManager, Applications Manager and IT360. This vulnerability is unauthenticated on OpManager and Applications Manager, but authenticated in IT360. This module will attempt to log in using the default credentials for ...

ManageEngine Multiple Products Arbitrary Directory Listing Exploit

Disclosed: January 28, 2015

This module exploits a directory listing information disclosure vulnerability in the FailOverHelperServlet on ManageEngine OpManager, Applications Manager and IT360. It makes a recursive listing, so it will list the whole drive if you ask it to list / in Linux or C:\ in Windows. This vulnerability is unauthenticated on Op...