  • Vulnerability & Exploit Database

    Displaying module details 21 - 30 of 3190 in total

    PostgreSQL CREATE LANGUAGE Execution Exploit

    Disclosed: January 01, 2016

    Some installations of Postgres 8 and 9 are configured to allow loading external scripting languages. Most commonly these are Perl and Python. When enabled, command execution is possible on the host. To execute system commands, loading the "untrusted" version of the language is necessary. This requires a superuser. This is u...

    Android ADB Debug Server Remote Payload Execution Exploit

    Disclosed: January 01, 2016

    Writes and spawns a native payload on an Android device that is listening for adb debug messages.

    D-Link DCS-930L Authenticated Remote Command Execution Exploit

    Disclosed: December 20, 2015

    The D-Link DCS-930L Network Video Camera is vulnerable to OS Command Injection via the web interface. The vulnerability exists at /setSystemCommand, which is accessible with credentials. This vulnerability was present in firmware version 2.01 and fixed by 2.12.

    Juniper SSH Backdoor Scanner Exploit

    Disclosed: December 20, 2015

    This module scans for the Juniper SSH backdoor (also valid on Telnet). Any username is required, and the password is <<< %s(un='%s') = %u.

    TP-Link SC2020n Authenticated Telnet Injection Exploit

    Disclosed: December 20, 2015

    The TP-Link SC2020n Network Video Camera is vulnerable to OS Command Injection via the web interface. By firing up the telnet daemon, it is possible to gain root on the device. The vulnerability exists at /cgi-bin/admin/servetest, which is accessible with credentials.

    Telisca IPS Lock Cisco IP Phone Control Exploit

    Disclosed: December 17, 2015

    This module allows an unauthenticated attacker to exercise the "Lock" and "Unlock" functionality of Telisca IPS Lock for Cisco IP Phones. This module should be run in the VoIP VLAN, and requires knowledge of the target phone's name (for example, SEP002497AB1D4B). Set ACTION to either LOCK or UNLOCK. UNLOCK is the...

    IBM Tivoli Storage Manager FastBack Server Opcode 0x534 Denial of Service Exploit

    Disclosed: December 15, 2015

    This module exploits a denial of service condition present in IBM Tivoli Storage Manager FastBack Server when dealing with packets triggering the opcode 0x534 handler.

    Joomla HTTP Header Unauthenticated Remote Code Execution Exploit

    Disclosed: December 14, 2015

    Joomla suffers from an unauthenticated remote code execution vulnerability that affects all versions from 1.5.0 to 3.4.5. By storing user-supplied headers in the database's session table, it's possible to truncate the input by sending a UTF-8 character. The custom-created payload is then executed once the session is read from the ...

    ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability Exploit

    Disclosed: December 14, 2015

    This module exploits a vulnerability found in ManageEngine Desktop Central 9. When uploading a 7z file, the FileUploadServlet class does not check the user-controlled ConnectionId parameter. This allows a remote attacker to inject a null byte at the end of the value to create a malicious file...

    MS15-134 Microsoft Windows Media Center MCL Information Disclosure Exploit

    Disclosed: December 08, 2015

    This module exploits a vulnerability found in Windows Media Center. It allows an MCL file to render itself as an HTML document in the local machine zone by Internet Explorer, which can be used to leak files on the target machine. Please be aware that if this exploit is used against a patched Windows system, it can cause the ...